Improper authorization - CVE-2016-0349
Published: June 29, 2016 / Updated: November 22, 2018
Vulnerability identifier: #VU48
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2016-0349
CWE-ID: CWE-285
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor:
Affected software:
Detailed vulnerability description
The vulnerability allows a remote attacker to modify data on the target system.
The vulnerability exists due to access control error. A remote authenticated user can update process instance variables on the target system.
Successful exploitation of this vulnerability may result in modification of system information
The vulnerability exists due to access control error. A remote authenticated user can update process instance variables on the target system.
Successful exploitation of this vulnerability may result in modification of system information
How to mitigate CVE-2016-0349
IBM has issued a fix (APAR JR55701).