CVE-2016-8982

CWE-200 — Information Exposure3 documents3 sources

Severity

5.3MEDIUM

EPSS

0.2%

top 55.20%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Corporation Infosphere Datastage IBM Infosphere Datastage

Timeline

PublishedFeb 1

Latest updateMay 17

Description

IBM InfoSphere Information Server stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

▶NVDibm/infosphere_datastage11.3, 8.7, 9.1+2

▶CVEListV5ibm_corporation/infosphere_datastage4 versions+3

Patches

Patch: www.ibm.com ↗Patch: www.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-86gw-59mw-3ww4: IBM InfoSphere Information Server stores sensitive information in URL parameters↗2022-05-17

▶

CVEList

CVE-2016-8982: IBM InfoSphere Information Server stores sensitive information in URL parameters↗2017-02-01

▶