Information Disclosure and Data Modification in IBM IMS Enterprise Suite Data Provider
CVE-2016-2887

8.1HIGH

Key Information:

Vendor: IBM
Status: Ims Enterprise Suite
Vendor: CVE Published:; 30 November 2016

What is CVE-2016-2887?

The IBM IMS Enterprise Suite Data Provider before version 3.2.0.1 for Microsoft .NET is susceptible to a vulnerability that enables remote authenticated users to access sensitive information or modify data. This issue arises from unspecified vectors that could be exploited, compromising the integrity and confidentiality of the data handled by the product. Organizations using this version are advised to assess their exposure and apply necessary patches to mitigate potential risks.

References

http://www.securityfocus.com/bid/94611

vdb-entryx_refsource_BID

http://www-01.ibm.com/support/docview.wss?uid=swg21982967

x_refsource_CONFIRM

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 30, 2016
Vulnerability Reserved
Mar 9, 2016