CVE-2014-8903 - Vulnerability Details

Vendors	Products
Ibm	Curam Social Program Management

Link	Providers
http://www-01.ibm.com/support/docview.wss?uid=swg21700098
http://www.securityfocus.com/bid/73947

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-03-26T00:00:00", "descriptions": [{"lang": "en", "value": "IBM Curam Social Program Management 6.0 SP2 before EP26, 6.0.4 before 6.0.4.5iFix10 and 6.0.5 before 6.0.5.6 allows remote authenticated users to load arbitrary Java classes via unspecified vectors."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-02T18:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm"}, "references": [{"name": "73947", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/73947"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21700098"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2014-8903", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "IBM Curam Social Program Management 6.0 SP2 before EP26, 6.0.4 before 6.0.4.5iFix10 and 6.0.5 before 6.0.5.6 allows remote authenticated users to load arbitrary Java classes via unspecified vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "73947", "refsource": "BID", "url": "http://www.securityfocus.com/bid/73947"}, {"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21700098", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21700098"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T13:33:12.578Z"}, "title": "CVE Program Container", "references": [{"name": "73947", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/73947"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21700098"}]}]}, "cveMetadata": {"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2014-8903", "datePublished": "2017-08-02T19:00:00", "dateReserved": "2014-11-14T00:00:00", "dateUpdated": "2024-08-06T13:33:12.578Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : n/a (string)

vendor : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : n/a (string)

}

]

}

]

datePublic : 2015-03-26T00:00:00 (string)

descriptions : [ »

0 : { »

lang : en (string)

value : IBM Curam Social Program Management 6.0 SP2 before EP26, 6.0.4 before 6.0.4.5iFix10 and 6.0.5 before 6.0.5.6 allows remote authenticated users to load arbitrary Java classes via unspecified vectors. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : n/a (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2017-08-02T18:57:01 (string)

orgId : 9a959283-ebb5-44b6-b705-dcc2bbced522 (string)

shortName : ibm (string)

}

references : [ »

0 : { »

name : 73947 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_BID (string)

]

url : http://www.securityfocus.com/bid/73947 (string)

}

1 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : http://www-01.ibm.com/support/docview.wss?uid=swg21700098 (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : psirt@us.ibm.com (string)

ID : CVE-2014-8903 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : n/a (string)

version : { »

version_data : [ »

0 : { »

version_value : n/a (string)

}

]

}

]

}

vendor_name : n/a (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : IBM Curam Social Program Management 6.0 SP2 before EP26, 6.0.4 before 6.0.4.5iFix10 and 6.0.5 before 6.0.5.6 allows remote authenticated users to load arbitrary Java classes via unspecified vectors. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : n/a (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : 73947 (string)

refsource : BID (string)

url : http://www.securityfocus.com/bid/73947 (string)

}

1 : { »

name : http://www-01.ibm.com/support/docview.wss?uid=swg21700098 (string)

refsource : CONFIRM (string)

url : http://www-01.ibm.com/support/docview.wss?uid=swg21700098 (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-06T13:33:12.578Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

name : 73947 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_BID (string)

2 : x_transferred (string)

]

url : http://www.securityfocus.com/bid/73947 (string)

}

1 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : http://www-01.ibm.com/support/docview.wss?uid=swg21700098 (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 9a959283-ebb5-44b6-b705-dcc2bbced522 (string)

assignerShortName : ibm (string)

cveId : CVE-2014-8903 (string)

datePublished : 2017-08-02T19:00:00 (string)

dateReserved : 2014-11-14T00:00:00 (string)

dateUpdated : 2024-08-06T13:33:12.578Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0:sp2:*:*:*:*:*:*", "matchCriteriaId": "5C54B484-6735-460B-B8CD-CEC0A95E9E8F", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "AEFDBB0F-A8C9-40DF-81CF-799D034D2EE0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "BB8E3B08-7171-414D-8A41-14C9E18B1BAB", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "940271A7-2CC3-4A34-BB5A-D9F4D45A7895", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "A2F3FDC1-B49D-46DD-B9F7-DCE3F1FD4B5A", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "13AA664F-BCD8-4CED-A201-E2543D437E1C", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "A6711519-4E7D-4782-8372-7996C24E50D6", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "32D0CA3E-2649-4B4B-A805-81213FC07A12", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.7:*:*:*:*:*:*:*", "matchCriteriaId": "510DC15C-03F8-4058-A88A-13EFC48A43C4", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.8:*:*:*:*:*:*:*", "matchCriteriaId": "4971ADE2-3F58-4B42-9EC6-EFF3CF967E5D", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.9:*:*:*:*:*:*:*", "matchCriteriaId": "DE01821C-590F-40E1-A973-5DF0EA0151D8", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "7A5F30D0-82C1-4F88-9FDB-A8E6D6D39591", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "17929DC8-0E48-4BF4-AAFE-6463C8540FF9", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "2FD3FF4C-C12A-4CBC-8983-85929C5D121E", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "DAE6D88C-92CF-415E-978C-0107C4C4C52C", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "CB928C52-91BB-43A6-B25F-F359F05F1388", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "25DE6951-4C91-4443-843C-805D416F4074", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "23EA1C1F-003F-4411-AC1D-F75811D6FFEC", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "E89D44FA-FE58-4A4E-8DB1-BA9667A16612", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "AD0FCFA0-2443-4AE9-ACE6-394A67443808", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.8:*:*:*:*:*:*:*", "matchCriteriaId": "6D4A5540-525C-4F99-BA26-3B988B5A08D3", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.9:*:*:*:*:*:*:*", "matchCriteriaId": "7C5C061E-A4F5-4478-A9E4-D8BA156085B9", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.10:*:*:*:*:*:*:*", "matchCriteriaId": "12A2D187-7B5D-44D1-A766-A972F257EF54", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "IBM Curam Social Program Management 6.0 SP2 before EP26, 6.0.4 before 6.0.4.5iFix10 and 6.0.5 before 6.0.5.6 allows remote authenticated users to load arbitrary Java classes via unspecified vectors."}, {"lang": "es", "value": "IBM Curam Social Program Management 6.0 SP2 anterior a EP26, 6.0.4 anterior a 6.0.4.5iFix10 y 6.0.5 anterior a 6.0.5.6 permite que atacantes remotos carguen clases Java arbitrarias utilizando vectores no especificados."}], "id": "CVE-2014-8903", "lastModified": "2025-04-20T01:37:25.860", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-08-02T19:29:00.257", "references": [{"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21700098"}, {"source": "psirt@us.ibm.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/73947"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21700098"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/73947"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-77"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:ibm:curam_social_program_management:6.0:sp2:*:*:*:*:*:* (string)

matchCriteriaId : 5C54B484-6735-460B-B8CD-CEC0A95E9E8F (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:ibm:curam_social_program_management:6.0.4.0:*:*:*:*:*:*:* (string)

matchCriteriaId : AEFDBB0F-A8C9-40DF-81CF-799D034D2EE0 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:ibm:curam_social_program_management:6.0.4.1:*:*:*:*:*:*:* (string)

matchCriteriaId : BB8E3B08-7171-414D-8A41-14C9E18B1BAB (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:a:ibm:curam_social_program_management:6.0.4.2:*:*:*:*:*:*:* (string)

matchCriteriaId : 940271A7-2CC3-4A34-BB5A-D9F4D45A7895 (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:a:ibm:curam_social_program_management:6.0.4.3:*:*:*:*:*:*:* (string)

matchCriteriaId : A2F3FDC1-B49D-46DD-B9F7-DCE3F1FD4B5A (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:a:ibm:curam_social_program_management:6.0.4.4:*:*:*:*:*:*:* (string)

matchCriteriaId : 13AA664F-BCD8-4CED-A201-E2543D437E1C (string)

vulnerable : true (boolean)

}

6 : { »

criteria : cpe:2.3:a:ibm:curam_social_program_management:6.0.4.5:*:*:*:*:*:*:* (string)

matchCriteriaId : A6711519-4E7D-4782-8372-7996C24E50D6 (string)

vulnerable : true (boolean)

}

7 : { »

criteria : cpe:2.3:a:ibm:curam_social_program_management:6.0.4.6:*:*:*:*:*:*:* (string)

matchCriteriaId : 32D0CA3E-2649-4B4B-A805-81213FC07A12 (string)

vulnerable : true (boolean)

}

8 : { »

criteria : cpe:2.3:a:ibm:curam_social_program_management:6.0.4.7:*:*:*:*:*:*:* (string)

matchCriteriaId : 510DC15C-03F8-4058-A88A-13EFC48A43C4 (string)

vulnerable : true (boolean)

}

9 : { »

criteria : cpe:2.3:a:ibm:curam_social_program_management:6.0.4.8:*:*:*:*:*:*:* (string)

matchCriteriaId : 4971ADE2-3F58-4B42-9EC6-EFF3CF967E5D (string)

vulnerable : true (boolean)

}

10 : { »

criteria : cpe:2.3:a:ibm:curam_social_program_management:6.0.4.9:*:*:*:*:*:*:* (string)

matchCriteriaId : DE01821C-590F-40E1-A973-5DF0EA0151D8 (string)

vulnerable : true (boolean)

}

11 : { »

criteria : cpe:2.3:a:ibm:curam_social_program_management:6.0.5:*:*:*:*:*:*:* (string)

matchCriteriaId : 7A5F30D0-82C1-4F88-9FDB-A8E6D6D39591 (string)

vulnerable : true (boolean)

}

12 : { »

criteria : cpe:2.3:a:ibm:curam_social_program_management:6.0.5.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 17929DC8-0E48-4BF4-AAFE-6463C8540FF9 (string)

vulnerable : true (boolean)

}

13 : { »

criteria : cpe:2.3:a:ibm:curam_social_program_management:6.0.5.1:*:*:*:*:*:*:* (string)

matchCriteriaId : 2FD3FF4C-C12A-4CBC-8983-85929C5D121E (string)

vulnerable : true (boolean)

}

14 : { »

criteria : cpe:2.3:a:ibm:curam_social_program_management:6.0.5.2:*:*:*:*:*:*:* (string)

matchCriteriaId : DAE6D88C-92CF-415E-978C-0107C4C4C52C (string)

vulnerable : true (boolean)

}

15 : { »

criteria : cpe:2.3:a:ibm:curam_social_program_management:6.0.5.3:*:*:*:*:*:*:* (string)

matchCriteriaId : CB928C52-91BB-43A6-B25F-F359F05F1388 (string)

vulnerable : true (boolean)

}

16 : { »

criteria : cpe:2.3:a:ibm:curam_social_program_management:6.0.5.4:*:*:*:*:*:*:* (string)

matchCriteriaId : 25DE6951-4C91-4443-843C-805D416F4074 (string)

vulnerable : true (boolean)

}

17 : { »

criteria : cpe:2.3:a:ibm:curam_social_program_management:6.0.5.5:*:*:*:*:*:*:* (string)

matchCriteriaId : 23EA1C1F-003F-4411-AC1D-F75811D6FFEC (string)

vulnerable : true (boolean)

}

18 : { »

criteria : cpe:2.3:a:ibm:curam_social_program_management:6.0.5.6:*:*:*:*:*:*:* (string)

matchCriteriaId : E89D44FA-FE58-4A4E-8DB1-BA9667A16612 (string)

vulnerable : true (boolean)

}

19 : { »

criteria : cpe:2.3:a:ibm:curam_social_program_management:6.0.5.7:*:*:*:*:*:*:* (string)

matchCriteriaId : AD0FCFA0-2443-4AE9-ACE6-394A67443808 (string)

vulnerable : true (boolean)

}

20 : { »

criteria : cpe:2.3:a:ibm:curam_social_program_management:6.0.5.8:*:*:*:*:*:*:* (string)

matchCriteriaId : 6D4A5540-525C-4F99-BA26-3B988B5A08D3 (string)

vulnerable : true (boolean)

}

21 : { »

criteria : cpe:2.3:a:ibm:curam_social_program_management:6.0.5.9:*:*:*:*:*:*:* (string)

matchCriteriaId : 7C5C061E-A4F5-4478-A9E4-D8BA156085B9 (string)

vulnerable : true (boolean)

}

22 : { »

criteria : cpe:2.3:a:ibm:curam_social_program_management:6.0.5.10:*:*:*:*:*:*:* (string)

matchCriteriaId : 12A2D187-7B5D-44D1-A766-A972F257EF54 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

cveTags : [ *empty* ]

descriptions : [ »

0 : { »

lang : en (string)

value : IBM Curam Social Program Management 6.0 SP2 before EP26, 6.0.4 before 6.0.4.5iFix10 and 6.0.5 before 6.0.5.6 allows remote authenticated users to load arbitrary Java classes via unspecified vectors. (string)

}

1 : { »

lang : es (string)

value : IBM Curam Social Program Management 6.0 SP2 anterior a EP26, 6.0.4 anterior a 6.0.4.5iFix10 y 6.0.5 anterior a 6.0.5.6 permite que atacantes remotos carguen clases Java arbitrarias utilizando vectores no especificados. (string)

}

]

id : CVE-2014-8903 (string)

lastModified : 2025-04-20T01:37:25.860 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : MEDIUM (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : NETWORK (string)

authentication : SINGLE (string)

availabilityImpact : PARTIAL (string)

baseScore : 6.5 (number)

confidentialityImpact : PARTIAL (string)

integrityImpact : PARTIAL (string)

vectorString : AV:N/AC:L/Au:S/C:P/I:P/A:P (string)

version : 2.0 (string)

}

exploitabilityScore : 8 (number)

impactScore : 6.4 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

cvssMetricV30 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : HIGH (string)

baseScore : 8.8 (number)

baseSeverity : HIGH (string)

confidentialityImpact : HIGH (string)

integrityImpact : HIGH (string)

privilegesRequired : LOW (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (string)

version : 3.0 (string)

}

exploitabilityScore : 2.8 (number)

impactScore : 5.9 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2017-08-02T19:29:00.257 (string)

references : [ »

0 : { »

source : psirt@us.ibm.com (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : http://www-01.ibm.com/support/docview.wss?uid=swg21700098 (string)

}

1 : { »

source : psirt@us.ibm.com (string)

tags : [ »

0 : Third Party Advisory (string)

1 : VDB Entry (string)

]

url : http://www.securityfocus.com/bid/73947 (string)

}

2 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : http://www-01.ibm.com/support/docview.wss?uid=swg21700098 (string)

}

3 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

1 : VDB Entry (string)

]

url : http://www.securityfocus.com/bid/73947 (string)

}

]

sourceIdentifier : psirt@us.ibm.com (string)

vulnStatus : Deferred (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-77 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object