IBM WebSEAL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-1474)

Description

IBM Security Access Manager Appliance 7.0.0, 8.0.0 through 8.0.1.6, and 9.0.0 through 9.0.3.1 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 128606.

Remediation

References

CVE-2017-1474

Related Vulnerabilities

PHP Other Vulnerability (CVE-2001-1385)

WordPress Plugin Image Gallery-Responsive Photo Gallery SQL Injection (1.8.9)

MySQL CVE-2021-35632 Vulnerability (CVE-2021-35632)

WordPress Plugin Easy Google Map Cross-Site Scripting (1.1.4)

WordPress Plugin WP Yelp Review Slider SQL Injection (7.0)

Severity

Medium

Classification

CVE-2017-1474 CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N