Information Disclosure in IBM Jazz for Service Management
CVE-2016-5935

5.9MEDIUM

Key Information:

Vendor
IBM
Vendor
CVE Published:
2 February 2017

Summary

The IBM Jazz for Service Management software is susceptible to an information disclosure vulnerability due to improper validation of SSL certificates. This weakness could be exploited by remote attackers to intercept sensitive information through man-in-the-middle attacks, potentially exposing confidential data and compromising user security. It is crucial for organizations using this software to implement the recommended patches and review their SSL configurations to mitigate this risk.

Affected Version(s)

Tivoli Components 1.1

Tivoli Components 1.1.0.1

Tivoli Components 1.1.0.2

References

CVSS V3.1

Score:
5.9
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.