Remote Information Disclosure in IBM Marketing Operations
CVE-2017-1119

4.3MEDIUM

Key Information:

Vendor: IBM
Status: Marketing Operations
Vendor: CVE Published:; 9 November 2018

What is CVE-2017-1119?

A vulnerability in IBM Marketing Operations could enable a remote attacker to access sensitive information. By sending a specifically crafted request, an attacker may trigger an error message revealing the full root path of the system. This exposure can facilitate further attacks, significantly increasing the risk to system integrity and secure data.

Affected Version(s)

Marketing Operations 9.1.2

Marketing Operations 10.1

Marketing Operations 9.1.0

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/121171

vdb-entryx_refsource_XF

http://www.ibm.com/support/docview.wss?uid=ibm10738519

x_refsource_CONFIRM

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 9, 2018
Vulnerability Reserved
Nov 30, 2016