// For flags

CVE-2017-1286

 

Severity Score

6.5
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Sensitive information about the configuration of the IBM UrbanCode Deploy 6.1 through 6.9.6.0 server and database can be obtained by a user who has been given elevated permissions in the UI, even after those elevated permissions have been revoked. IBM X-Force ID: 125147.

La información sensible sobre la configuración del servidor y la base de datos de IBM UrbanCode Deploy desde la versión 6.1 hasta la 6.9.6.0 puede ser obtenida por un usuario al que se le hayan otorgado permisos elevados en la interfaz de usuario, incluso después de que dichos permisos elevados hayan sido revocados. IBM X-Force ID: 125147.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None
Attack Vector
Network
Attack Complexity
Low
Authentication
Single
Confidentiality
Partial
Integrity
None
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2016-11-30 CVE Reserved
  • 2018-08-13 CVE Published
  • 2024-08-05 CVE Updated
  • 2024-12-17 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Ibm
Search vendor "Ibm"
 Urbancode Deploy
Search vendor "Ibm" for product "Urbancode Deploy"
 > 6.1 <= 6.9.6.0
Search vendor "Ibm" for product "Urbancode Deploy" and version " > 6.1 <= 6.9.6.0"
-
Affected