CVE-2016-9717

CWE-20 — Improper Input Validation3 documents3 sources

Severity

6.5MEDIUM

EPSS

0.2%

top 56.01%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Infosphere Master Data Management IBM Infosphere Master Data Management Server

Timeline

PublishedJul 31

Latest updateMay 17

Description

HTTP Parameter Override is identified in the IBM Infosphere Master Data Management (MDM) 10.1. 11.0. 11.3, 11.4, 11.5, and 11.6 product. It enables attackers by exposing the presence of duplicated parameters which may produce an anomalous behavior in the application that can be potentially exploited.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5ibm/infosphere_master_data_management8 versions+7

▶NVDibm/infosphere_master_data_management_server6 versions+5

Patches

Patch: www.ibm.com ↗Patch: www.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-w998-p9rv-h3j9: HTTP Parameter Override is identified in the IBM Infosphere Master Data Management (MDM) 10↗2022-05-17

▶

CVEList

CVE-2016-9717: HTTP Parameter Override is identified in the IBM Infosphere Master Data Management (MDM) 10↗2017-07-31

▶