Information Disclosure in IBM Campaign Affects Multiple Versions
CVE-2017-1116

4.3MEDIUM

Key Information:

Vendor
IBM
Status
Vendor
CVE Published:
27 April 2018

Summary

IBM Campaign versions 8.6, 9.0, and 9.1 (including updates) contain a vulnerability that exposes excessive details on the client side. This exposure presents an opportunity for authenticated users to gain insights that can be leveraged for conducting further attacks. As a result, user confidentiality could be compromised, making it critical for organizations utilizing these versions to evaluate their security practices and implement necessary safeguards.

Affected Version(s)

Campaign 8.6

Campaign 9.0

Campaign 9.1

References

CVSS V3.1

Score:
4.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.