CVE-2016-9719

CWE-20 — Improper Input Validation3 documents3 sources

Severity

5.7MEDIUM

EPSS

0.2%

top 62.87%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Infosphere Master Data Management IBM Infosphere Master Data Management Server

Timeline

PublishedJul 31

Latest updateMay 17

Description

IBM InfoSphere Master Data Management Server 10.1. 11.0. 11.3, 11.4, 11.5, and 11.6 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 119733.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:NExploitability: 2.1 | Impact: 3.6

Affected Packages2 packages

▶NVDibm/infosphere_master_data_management_server6 versions+5

▶CVEListV5ibm/infosphere_master_data_management8 versions+7

Patches

Patch: www.ibm.com ↗Patch: www.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-v9pj-f8p3-2rf3: IBM InfoSphere Master Data Management Server 10↗2022-05-17

▶

CVEList

CVE-2016-9719: IBM InfoSphere Master Data Management Server 10↗2017-07-31

▶