CVE-2016-3000 — Improper Input Validation in IBM Connections

CWE-20 — Improper Input Validation CWE-287 — Improper Authentication6 documents5 sources

Severity

4.3MEDIUMNVD

EPSS

0.4%

top 38.02%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Connections

Timeline

PublishedSep 26

Latest updateMay 17

Description

The help service in IBM Connections 4.x through 4.5 CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to cause a denial of service (service degradation) via a crafted URL.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:LExploitability: 2.8 | Impact: 1.4

Affected Packages1 packages

▶NVDibm/connections4 versions+3

Patches

Patch: www-01.ibm.com ↗Patch: www-01.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-w8px-hm42-g43j: The help service in IBM Connections 4↗2022-05-17

▶

CVEList

CVE-2016-3000: The help service in IBM Connections 4↗2016-09-26

▶

💥Exploits & PoCs

Exploit-DB

Apple Intel HD 3000 Graphics Driver 10.0.0 - Local Privilege Escalation↗2016-04-08

▶

Exploit-DB

Zortam Mp3 Media Studio 20.15 - Overflow (PoC) (SEH)↗2016-03-14

▶

📋Vendor Advisories

Cisco

Cisco Nexus 3000 Series and 3500 Platform Switches Insecure Default Credentials Vulnerability↗2016-03-03

▶