Information Disclosure in IBM Campaign Affects Multiple Versions
CVE-2017-1116

4.3MEDIUM

Key Information:

Vendor
IBM
Status
Campaign
Vendor
CVE Published:
27 April 2018

Summary

IBM Campaign versions 8.6, 9.0, and 9.1 (including updates) contain a vulnerability that exposes excessive details on the client side. This exposure presents an opportunity for authenticated users to gain insights that can be leveraged for conducting further attacks. As a result, user confidentiality could be compromised, making it critical for organizations utilizing these versions to evaluate their security practices and implement necessary safeguards.

Affected Version(s)

Campaign 8.6

Campaign 9.0

Campaign 9.1

References

http://www.ibm.com/support/docview.wss?uid=swg22015569
x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/121154
vdb-entryx_refsource_XF
http://www.securityfocus.com/bid/104011
vdb-entryx_refsource_BID

CVSS V3.1

Score:
4.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.