Information Exposure Through an Error Message in Jazz Reporting Service - CVE-2017-1370

 


Published: July 31, 2017 / Updated: August 8, 2020


Vulnerability identifier: #VU38621
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2017-1370
CWE-ID: CWE-209
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: IBM Corporation
Affected software: Jazz Reporting Service

Detailed vulnerability description

The vulnerability allows a remote privileged user to gain access to sensitive information.

IBM Jazz Reporting Service (JRS) 5.0 and 6.0 could disclose sensitive information, including user credentials, through an error message from the Report Builder administrator configuration page. IBM X-Force ID: 126863.


How to mitigate CVE-2017-1370

Install the update from the vendor's website.
