CVE-2016-5953
CVE-2016-5953 is a vulnerability of currently unknown severity. IBM Sterling Order Management transmits the session identifier within the URL. When a user lacks the permissions to access a view, the website responds with an error page whose URL contains the session identifier encoded as Base64. EPSS estimates a 0.84% chance of exploitation in the next 30 days.
Description
IBM Sterling Order Management transmits the session identifier within the URL. When a user lacks the permissions to access a view, the website responds with an error page whose URL contains the session identifier encoded as Base64.
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| IBM | Sterling Selling and Fulfillment Foundation | 9.1.0 |
| IBM | Sterling Selling and Fulfillment Foundation | 9.2.0 |
| IBM | Sterling Selling and Fulfillment Foundation | 9.2.1 |
| IBM | Sterling Selling and Fulfillment Foundation | 9.3 |
| IBM | Sterling Selling and Fulfillment Foundation | 9.4 |
| IBM | Sterling Selling and Fulfillment Foundation | 9.5 |
References
- http://www.ibm.com/support/docview.wss?uid=swg21994521 (Patch, Vendor Advisory)
- http://www.securityfocus.com/bid/95431 (Third Party Advisory, VDB Entry)
Timeline
- Published
- Last Modified
- Status: Modified
Source: NVD / NIST
