CVE-2016-8917

CWE-352 — Cross-Site Request Forgery (CSRF)5 documents5 sources

Severity

8.8HIGH

EPSS

0.2%

top 64.34%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Corporation Sterling Order Management IBM Sterling Selling AND Fulfillment Foundation

Timeline

PublishedMar 31

Latest updateMay 17

Description

IBM Sterling Order Management 9.2 - 9.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM Reference #: 2000943.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5ibm_corporation/sterling_order_management8 versions+7

▶NVDibm/sterling_selling_and_fulfillment_foundation5 versions+4

Patches

Patch: www.ibm.com ↗Patch: www.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-8wp9-rrxh-9hpq: IBM Sterling Order Management 9↗2022-05-17

▶

CVEList

CVE-2016-8917: IBM Sterling Order Management 9↗2017-03-31

▶

OSV

libarchive vulnerabilities↗2016-07-14

▶

💬Community

Bugzilla

CVE-2015-8917 libarchive: NULL pointer access in CAB parser↗2016-06-21

▶