CVE-2016-3002 — Sensitive Information Exposure in IBM Connections

CWE-200 — Sensitive Information Exposure CWE-77 — Command Injection CWE-78 — OS Command Injection5 documents5 sources

Severity

2.1LOWNVD

EPSS

0.1%

top 80.51%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Connections

Timeline

PublishedNov 30

Latest updateMay 24

Description

IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 allows physically proximate attackers to obtain sensitive information by reading cached data on a client device.

CVSS vector

CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 0.7 | Impact: 1.4

Affected Packages1 packages

▶NVDibm/connections4.0.0.0, 4.5.0.0, 5.0.0.0+2

🔴Vulnerability Details

GHSA

Command Injection in SaltStack Salt↗2022-05-24

▶

GHSA

GHSA-393m-vg99-2x36: IBM Connections 4↗2022-05-17

▶

CVEList

CVE-2016-3002: IBM Connections 4↗2016-11-30

▶

📋Vendor Advisories

Red Hat

salt: Command injection in the snapper module↗2021-04-23

▶