CVE-2016-9717

HTTP Parameter Override is identified in the IBM Infosphere Master Data Management (MDM) 10.1. 11.0. 11.3, 11.4, 11.5, and 11.6 product. It enables attackers by exposing the presence of duplicated parameters which may produce an anomalous behavior in the application that can be potentially exploited.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
ibmCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 44%
VendorProductVersion
ibminfosphere_master_data_management_server
10.1
ibminfosphere_master_data_management_server
11.0
ibminfosphere_master_data_management_server
11.3
ibminfosphere_master_data_management_server
11.4
ibminfosphere_master_data_management_server
11.5
ibminfosphere_master_data_management_server
11.6
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.ibm.com/support/docview.wss?uid=swg22006605
http://www.securityfocus.com/bid/100074
https://exchange.xforce.ibmcloud.com/vulnerabilities/119730
http://www.ibm.com/support/docview.wss?uid=swg22006605
http://www.securityfocus.com/bid/100074
https://exchange.xforce.ibmcloud.com/vulnerabilities/119730