PT-2017-8837 · Ibm · Ibm Distributed Marketing

Published

2017-05-15

Updated

2017-05-23

CVE-2016-5979

CVSS v2.0

4.0

Medium

Vector

AV:N/AC:L/Au:S/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions IBM Distributed Marketing versions 8.6 through 10.0

Description The issue allows a privileged authenticated user to create an instance with a security profile that is not valid for the templates. This results in the new instance not being accessible to the intended user.

Recommendations For versions 8.6 through 10.0, consider restricting the creation of new instances to prevent unauthorized access until a fix is available. As a temporary workaround, review and manually adjust the security profiles of newly created instances to ensure they are accessible to the intended users.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

CVE-2016-5979

Affected Products

Ibm Distributed Marketing

PT-2017-8837 · Ibm · Ibm Distributed Marketing

CVE-2016-5979

Weakness Enumeration

Related Identifiers

Affected Products

References · 3