Information Disclosure in IBM Jazz for Service Management
CVE-2016-5935

5.9MEDIUM

Key Information:

Vendor: IBM
Status: Tivoli Components
Vendor: CVE Published:; 2 February 2017

What is CVE-2016-5935?

The IBM Jazz for Service Management software is susceptible to an information disclosure vulnerability due to improper validation of SSL certificates. This weakness could be exploited by remote attackers to intercept sensitive information through man-in-the-middle attacks, potentially exposing confidential data and compromising user security. It is crucial for organizations using this software to implement the recommended patches and review their SSL configurations to mitigate this risk.

Affected Version(s)

Tivoli Components 1.1

Tivoli Components 1.1.0.1

Tivoli Components 1.1.0.2

References

http://www.securityfocus.com/bid/96003

vdb-entryx_refsource_BID

http://www.ibm.com/support/docview.wss?uid=swg21997711

x_refsource_CONFIRM

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 2, 2017
Vulnerability Reserved
Jun 29, 2016