CVE-2017-1107

Severity
4.3 MEDIUM
EPSS
0.2%
top 55.30%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published Jun 19
Latest update May 24

Description

IBM Marketing Platform 9.1.0, 9.1.2, 10.0, and 10.1 exposes sensitive information in the headers that could be used by an authenticated attacker in further attacks against the system. IBM X-Force ID: 120906.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Exploitability: 2.8 | Impact: 1.4

Affected Packages (2 packages)

CVEListV5: ibm/marketing_platform, 4 versions +3
NVD: ibm/marketing_platform, 4 versions +3

Patches

🔴Vulnerability Details

2
GHSA
GHSA-hcfv-65gf-h2wv: IBM Marketing Platform 9 (2022-05-24)
CVEList
CVE-2017-1107: IBM Marketing Platform 9 (2019-06-19)

💥Exploits & PoCs

1
Exploit-DB
Microsoft Windows - COM Aggregate Marshaler/IRemUnknown2 Type Confusion Privilege Escalation (2017-05-17)
CVE-2017-1107 (MEDIUM CVSS 4.3) | IBM Marketing Platform 9.1.0 | cvebase.io