CVE-2017-1355

3.7LOW

Key Information:

Vendor: IBM
Status: Atlas Ediscovery Process Management
Vendor: CVE Published:; 7 December 2017

Summary

IBM Atlas eDiscovery Process Management 6.0.3 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 126682.

Affected Version(s)

Atlas eDiscovery Process Management 6.0.3

Atlas eDiscovery Process Management 6.0.3.2

Atlas eDiscovery Process Management 6.0.3.3

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/126682

x_refsource_MISC

https://www.ibm.com/support/docview.wss?uid=swg22005836

x_refsource_CONFIRM

http://www.securityfocus.com/bid/102016

vdb-entryx_refsource_BID

CVSS V3.1

Score:

3.7

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 7, 2017
Vulnerability Reserved
Nov 30, 2016

.