CVE-2016-2861 - OpenCVE

IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3, 7.1.1 before 7.1.1.1, 8.5 before 8.5.0.3, and 8.6 before 8.6.0.8 does not properly encrypt data, which makes it easier for remote attackers to obtain sensitive information by sniffing the network.

No CVSS v3.1

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:M/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Ibm	Websphere Extreme Scale

Configuration 1 [-]

OR	cpe:2.3:a:ibm:websphere_extreme_scale:7.1.0:::::::*
	cpe:2.3:a:ibm:websphere_extreme_scale:7.1.0.2:::::::*
	cpe:2.3:a:ibm:websphere_extreme_scale:7.1.1:::::::*
	cpe:2.3:a:ibm:websphere_extreme_scale:8.5.0:::::::*
	cpe:2.3:a:ibm:websphere_extreme_scale:8.5.0.1:::::::*
	cpe:2.3:a:ibm:websphere_extreme_scale:8.5.0.2:::::::*
	cpe:2.3:a:ibm:websphere_extreme_scale:8.6.0:::::::*
	cpe:2.3:a:ibm:websphere_extreme_scale:8.6.0.0:::::::*
	cpe:2.3:a:ibm:websphere_extreme_scale:8.6.0.1:::::::*
	cpe:2.3:a:ibm:websphere_extreme_scale:8.6.0.2:::::::*
	cpe:2.3:a:ibm:websphere_extreme_scale:8.6.0.3:::::::*
	cpe:2.3:a:ibm:websphere_extreme_scale:8.6.0.4:::::::*
	cpe:2.3:a:ibm:websphere_extreme_scale:8.6.0.5:::::::*
	cpe:2.3:a:ibm:websphere_extreme_scale:8.6.0.6:::::::*
	cpe:2.3:a:ibm:websphere_extreme_scale:8.6.0.7:::::::*

References

Link	Resource
http://www-01.ibm.com/support/docview.wss?uid=swg1PI60897
http://www-01.ibm.com/support/docview.wss?uid=swg1PI60898
http://www-01.ibm.com/support/docview.wss?uid=swg21983036	Patch Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: ibm

Published: 2016-07-02T14:00:00

Updated: 2016-07-02T14:57:01

Reserved: 2016-03-09T00:00:00

Link: CVE-2016-2861

JSON object: View

NVD Information

Status : Analyzed

Published: 2016-07-02T14:59:10.273

Modified: 2016-07-06T11:26:53.093

Link: CVE-2016-2861

JSON object: View

Redhat Information

No data.

CWE

CWE-200

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-05-27T00:00:00", "descriptions": [{"lang": "en", "value": "IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3, 7.1.1 before 7.1.1.1, 8.5 before 8.5.0.3, and 8.6 before 8.6.0.8 does not properly encrypt data, which makes it easier for remote attackers to obtain sensitive information by sniffing the network."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-07-02T14:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm"}, "references": [{"name": "PI60897", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI60897"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21983036"}, {"name": "PI60898", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI60898"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2016-2861", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3, 7.1.1 before 7.1.1.1, 8.5 before 8.5.0.3, and 8.6 before 8.6.0.8 does not properly encrypt data, which makes it easier for remote attackers to obtain sensitive information by sniffing the network."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "PI60897", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI60897"}, {"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21983036", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21983036"}, {"name": "PI60898", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI60898"}]}}}}, "cveMetadata": {"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2016-2861", "datePublished": "2016-07-02T14:00:00", "dateReserved": "2016-03-09T00:00:00", "dateUpdated": "2016-07-02T14:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:websphere_extreme_scale:7.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "FCF504C3-FC26-4B47-9D19-3095CEA85014", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:websphere_extreme_scale:7.1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "79D9CF88-822F-4D5C-85C6-6DA81E9E49F3", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:websphere_extreme_scale:7.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "E0472C4A-F281-4D5F-BC47-93427833B907", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:websphere_extreme_scale:8.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "0F24E300-FCBA-42E7-A0A0-8067FBE11C9F", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:websphere_extreme_scale:8.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "0ACD3876-C36B-42DB-9174-C67DD0959BAC", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:websphere_extreme_scale:8.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "B96C0D89-B07B-499E-A746-E3BF1AC6DBD3", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:websphere_extreme_scale:8.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "0AA9F779-1F92-485D-BC34-0CB3A9FFA48A", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:websphere_extreme_scale:8.6.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "A974178A-404C-4BB7-AFE6-8C4A53205B7C", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:websphere_extreme_scale:8.6.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "BE60414F-6EB4-4285-850F-E0F2D5B36C1D", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:websphere_extreme_scale:8.6.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "946C4833-5BB2-4E54-8260-CEB66F03AEF8", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:websphere_extreme_scale:8.6.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "FE3DBEDF-A66C-4078-BD0D-8810B21EF58B", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:websphere_extreme_scale:8.6.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "2EF20610-8715-4683-83D9-9BBF822C7754", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:websphere_extreme_scale:8.6.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "DAB3F96D-F1FD-4427-BA83-676DCB7A37AE", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:websphere_extreme_scale:8.6.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "D365BD10-F98D-4F66-8119-21EBF30C1F73", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:websphere_extreme_scale:8.6.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "794E70DC-F220-4C2E-B7AD-15022B9C71D9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3, 7.1.1 before 7.1.1.1, 8.5 before 8.5.0.3, and 8.6 before 8.6.0.8 does not properly encrypt data, which makes it easier for remote attackers to obtain sensitive information by sniffing the network."}, {"lang": "es", "value": "IBM WebSphere eXtreme Scale 7.1.0 en versiones anteriores a 7.1.0.3, 7.1.1 en versiones anteriores a 7.1.1.1, 8.5 en versiones anteriores a 8.5.0.3 y 8.6 en versiones anteriores a 8.6.0.8 no encripta correctamente datos, lo que facilita a atacantes remotos obtener informaci\u00f3n sensible espiando la red."}], "id": "CVE-2016-2861", "lastModified": "2016-07-06T11:26:53.093", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 2.2, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-07-02T14:59:10.273", "references": [{"source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI60897"}, {"source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI60898"}, {"source": "psirt@us.ibm.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21983036"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}