CVE-2016-2861
LOWIBM WebSphere eXtreme Scale Sensitive Information Exposure via Improper Data Encryption
Title source: llmDescription
IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3, 7.1.1 before 7.1.1.1, 8.5 before 8.5.0.3, and 8.6 before 8.6.0.8 does not properly encrypt data, which makes it easier for remote attackers to obtain sensitive information by sniffing the network.
References (3)
Core 3
Core References
Various Sources vendor-advisory
x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1PI60897
Patch, Vendor Advisory x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21983036
Various Sources vendor-advisory
x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1PI60898
Scores
CVSS v3
3.7
EPSS
0.0105
EPSS Percentile
60.2%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-200
Status
published
Products (15)
ibm/websphere_extreme_scale
7.1.0
ibm/websphere_extreme_scale
7.1.0.2
ibm/websphere_extreme_scale
7.1.1
ibm/websphere_extreme_scale
8.5.0
ibm/websphere_extreme_scale
8.5.0.1
ibm/websphere_extreme_scale
8.5.0.2
ibm/websphere_extreme_scale
8.6.0
ibm/websphere_extreme_scale
8.6.0.0
ibm/websphere_extreme_scale
8.6.0.1
ibm/websphere_extreme_scale
8.6.0.2
... and 5 more
Published
Jul 02, 2016
Tracked Since
Feb 18, 2026