CVE-2016-5994 — Sensitive Information Exposure in Corporation Infosphere Information Server

CWE-200 — Sensitive Information Exposure3 documents3 sources

Severity

6.5MEDIUMNVD

EPSS

0.3%

top 47.93%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Corporation Infosphere Information Server IBM Infosphere Information Server

Timeline

PublishedFeb 1

Latest updateMay 17

Description

IBM InfoSphere Information Server contains a vulnerability that would allow an authenticated user to browse any file on the engine tier, and examine its contents.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶NVDibm/infosphere_information_server11.5

▶CVEListV5ibm_corporation/infosphere_information_server13 versions+12

Patches

Patch: www.ibm.com ↗Patch: www.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-cvf8-x2hr-5f3p: IBM InfoSphere Information Server contains a vulnerability that would allow an authenticated user to browse any file on the engine tier, and examine i↗2022-05-17

▶

CVEList

CVE-2016-5994: IBM InfoSphere Information Server contains a vulnerability that would allow an authenticated user to browse any file on the engine tier, and examine i↗2017-02-01

▶