CVE-2017-1480

CWE-532Log File Information Exposure3 documents3 sources
Severity
4.3MEDIUM
EPSS
0.1%
top 67.78%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
IBM Security Access ManagerIBM Security Access Manager FOR MobileIBM Security Access Manager FOR WEB
Timeline
PublishedJun 6
Latest updateMay 13

Description

IBM Security Access Manager Appliance 8.0.0 through 8.0.1.6, and 9.0.0 through 9.0.3.1 stores potentially sensitive information in log files that could be read by a remote user. IBM X-Force ID: 128617.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

NVDibm/security_access_manager9.0.09.0.3.1+1
CVEListV5ibm/security_access_manager19 versions+18

Patches

Patch: www.ibm.comPatch: www.ibm.com

🔴Vulnerability Details

2
GHSA
GHSA-hq5f-r2v7-qp3x: IBM Security Access Manager Appliance 82022-05-13
CVEList
CVE-2017-1480: IBM Security Access Manager Appliance 82018-06-06
CVE-2017-1480 (MEDIUM CVSS 4.3) | IBM Security Access Manager Applian | cvebase.io