CVE-2016-2861

LOW

IBM WebSphere eXtreme Scale Sensitive Information Exposure via Improper Data Encryption

Title source: llm
STIX 2.1

Description

IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3, 7.1.1 before 7.1.1.1, 8.5 before 8.5.0.3, and 8.6 before 8.6.0.8 does not properly encrypt data, which makes it easier for remote attackers to obtain sensitive information by sniffing the network.

References (3)

Core 3
Core References
Various Sources vendor-advisory x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1PI60897
Patch, Vendor Advisory x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21983036
Various Sources vendor-advisory x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1PI60898

Scores

CVSS v3 3.7
EPSS 0.0105
EPSS Percentile 60.2%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

CWE
CWE-200
Status published
Products (15)
ibm/websphere_extreme_scale 7.1.0
ibm/websphere_extreme_scale 7.1.0.2
ibm/websphere_extreme_scale 7.1.1
ibm/websphere_extreme_scale 8.5.0
ibm/websphere_extreme_scale 8.5.0.1
ibm/websphere_extreme_scale 8.5.0.2
ibm/websphere_extreme_scale 8.6.0
ibm/websphere_extreme_scale 8.6.0.0
ibm/websphere_extreme_scale 8.6.0.1
ibm/websphere_extreme_scale 8.6.0.2
... and 5 more
Published Jul 02, 2016
Tracked Since Feb 18, 2026