CVE-2017-1155

CWE-200 — Information Exposure3 documents3 sources

Severity

4.3MEDIUM

EPSS

0.5%

top 33.00%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Corporation Algo ONE IBM Algo ONE

Timeline

PublishedMar 20

Latest updateMay 17

Description

IBM Algorithmics One-Algo Risk Application 4.9.1, 5.0, and 5.1.0 could allow a user to gain access to another user's reports using a specially crafted HTTP request. IBM Reference #: 1999754.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

▶NVDibm/algo_one4.9.1, 5.0.0, 5.1.0+2

▶CVEListV5ibm_corporation/algo_one6 versions+5

Patches

Patch: www.ibm.com ↗Patch: www.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-2345-39p5-m5xp: IBM Algorithmics One-Algo Risk Application 4↗2022-05-17

▶

CVEList

CVE-2017-1155: IBM Algorithmics One-Algo Risk Application 4↗2017-03-20

▶