External Service Interaction Vulnerability in IBM WebSphere Cast Iron Solution
CVE-2016-9692
8.6HIGH
Summary
IBM WebSphere Cast Iron Solution versions 7.0.0 and 7.5.0.0 expose a vulnerability that allows remote attackers to exploit improper validation of user-supplied input. This imperfection can lead to unauthorized DNS lookups or HTTP requests to untrusted domains, enabling attackers to force the application server to interact with other systems. Successful exploitation may result in unauthorized access or data manipulation across interactive systems.
Affected Version(s)
WebSphere Cast Iron Cloud integration 7.0.0. 7.5.0.0
References
CVSS V3.1
Score:
8.6
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved