Risk | Low |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2017-1681 |
CWE-ID | CWE-200 |
Exploitation vector | Local |
Public exploit | N/A |
Vulnerable software | IBM Algo One Core (Client/Desktop applications / Other client software) |
Vendor | IBM Corporation |
Security Bulletin
This security bulletin contains one low risk vulnerability.
EUVDB-ID: #VU10431
Risk: Low
CVSSv3.1: 5.2 [CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-1681
CWE-ID: CWE-200 - Information exposure
Exploit availability: No
Description
The vulnerability allows a local attacker to obtain potentially sensitive information.
The vulnerability exists in the web interface of IBM WebSphere Application Server due to the improper handling of application requests. A local attacker can send a specially crafted request and obtain unauthorized access to read a file.
Update to version 5.0.0.6-23 or 5.1.0.3-2.
Vulnerable software versions
IBM Algo One Core: 5.0.0 - 5.1.0
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.