Sensitive Information Exposure in IBM Marketing Platform
CVE-2017-1107

4.3MEDIUM

Key Information:

Vendor
IBM
Status
Marketing Platform
Vendor
CVE Published:
19 June 2019

Summary

IBM Marketing Platform versions 9.1.0, 9.1.2, 10.0, and 10.1 expose sensitive information through the HTTP headers. This exposure could be exploited by authenticated attackers to facilitate further attacks against the system, posing a significant risk to user data integrity. To mitigate this risk, organizations should apply the latest patches and review their security configurations.

Affected Version(s)

Marketing Platform 9.1.2

Marketing Platform 10.0

Marketing Platform 9.1.0

References

https://www.ibm.com/support/docview.wss?uid=ibm10887815
x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/120906
vdb-entryx_refsource_XF
http://www.securityfocus.com/bid/108918
vdb-entryx_refsource_BID

CVSS V3.1

Score:
4.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.