CVE-2016-2983 - OpenCVE

IBM Tealeaf Customer Experience 8.7, 8.8, and 9.0.2 could allow a remote attacker under unusual circumstances to read operational data or TLS session state for any active sessions, cause denial of service, or bypass security. IBM X-Force ID: 113999.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ibm	Tealeaf Customer Experience

Configuration 1 [-]

OR	cpe:2.3:a:ibm:tealeaf_customer_experience:8.7:::::::*
	cpe:2.3:a:ibm:tealeaf_customer_experience:8.8:::::::*
	cpe:2.3:a:ibm:tealeaf_customer_experience:9.0.2:::::::*

No data.

References

Link	Providers
http://www.ibm.com/support/docview.wss?uid=swg22006393
http://www.ibm.com/support/docview.wss?uid=swg22006455
http://www.securityfocus.com/bid/102891
https://exchange.xforce.ibmcloud.com/vulnerabilities/113999

History

No history.

MITRE

Status: PUBLISHED

Assigner: ibm

Published: 2018-01-26T21:00:00Z

Updated: 2024-09-17T01:01:43.379Z

Reserved: 2016-03-09T00:00:00

Link: CVE-2016-2983

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2018-01-26T21:29:00.210

Modified: 2018-02-07T12:45:17.357

Link: CVE-2016-2983

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Tealeaf Customer Experience", "vendor": "IBM", "versions": [{"status": "affected", "version": "9.0.2"}, {"status": "affected", "version": "8.7"}, {"status": "affected", "version": "8.8"}]}], "datePublic": "2018-01-23T00:00:00", "descriptions": [{"lang": "en", "value": "IBM Tealeaf Customer Experience 8.7, 8.8, and 9.0.2 could allow a remote attacker under unusual circumstances to read operational data or TLS session state for any active sessions, cause denial of service, or bypass security. IBM X-Force ID: 113999."}], "problemTypes": [{"descriptions": [{"description": "Bypass Security", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-02-02T10:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.ibm.com/support/docview.wss?uid=swg22006455"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.ibm.com/support/docview.wss?uid=swg22006393"}, {"name": "102891", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/102891"}, {"tags": ["x_refsource_MISC"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/113999"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2018-01-23T00:00:00", "ID": "CVE-2016-2983", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Tealeaf Customer Experience", "version": {"version_data": [{"version_value": "9.0.2"}, {"version_value": "8.7"}, {"version_value": "8.8"}]}}]}, "vendor_name": "IBM"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "IBM Tealeaf Customer Experience 8.7, 8.8, and 9.0.2 could allow a remote attacker under unusual circumstances to read operational data or TLS session state for any active sessions, cause denial of service, or bypass security. IBM X-Force ID: 113999."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Bypass Security"}]}]}, "references": {"reference_data": [{"name": "http://www.ibm.com/support/docview.wss?uid=swg22006455", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=swg22006455"}, {"name": "http://www.ibm.com/support/docview.wss?uid=swg22006393", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=swg22006393"}, {"name": "102891", "refsource": "BID", "url": "http://www.securityfocus.com/bid/102891"}, {"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/113999", "refsource": "MISC", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/113999"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T23:40:14.510Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.ibm.com/support/docview.wss?uid=swg22006455"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.ibm.com/support/docview.wss?uid=swg22006393"}, {"name": "102891", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/102891"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/113999"}]}]}, "cveMetadata": {"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2016-2983", "datePublished": "2018-01-26T21:00:00Z", "dateReserved": "2016-03-09T00:00:00", "dateUpdated": "2024-09-17T01:01:43.379Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:tealeaf_customer_experience:8.7:*:*:*:*:*:*:*", "matchCriteriaId": "41B6A77E-1686-44A6-B1E4-AC63A0466AE2", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tealeaf_customer_experience:8.8:*:*:*:*:*:*:*", "matchCriteriaId": "FBAC9796-BA52-48AF-9326-3C2343BE2342", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tealeaf_customer_experience:9.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "2AFA47D5-AC5B-4A1B-83A6-EE5D49ECE489", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "IBM Tealeaf Customer Experience 8.7, 8.8, and 9.0.2 could allow a remote attacker under unusual circumstances to read operational data or TLS session state for any active sessions, cause denial of service, or bypass security. IBM X-Force ID: 113999."}, {"lang": "es", "value": "IBM Tealeaf Customer Experience 8.7, 8.8 y 9.0.2 podr\u00eda permitir que un atacante remoto, bajo circunstancias no usuales, lea datos de operaciones o el estado de la sesi\u00f3n TLS para cualquier sesi\u00f3n activa, provocar una denegaci\u00f3n de servicio (DoS) u omitir la seguridad. IBM X-Force ID: 113999."}], "id": "CVE-2016-2983", "lastModified": "2018-02-07T12:45:17.357", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-01-26T21:29:00.210", "references": [{"source": "psirt@us.ibm.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.ibm.com/support/docview.wss?uid=swg22006393"}, {"source": "psirt@us.ibm.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.ibm.com/support/docview.wss?uid=swg22006455"}, {"source": "psirt@us.ibm.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/102891"}, {"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/113999"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}