CVE-2016-5935

MEDIUM

IBM Dashboard Application Services Hub - Exposure of Sensitive Information via Improper SSL Certificate Validation

Title source: llm
STIX 2.1

Description

IBM Jazz for Service Management could allow a remote attacker to obtain sensitive information, caused by the failure to properly validate the SSL certificate. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques.

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/96003
Vendor Advisory x_refsource_confirm
http://www.ibm.com/support/docview.wss?uid=swg21997711

Scores

CVSS v3 5.9
EPSS 0.0012
EPSS Percentile 29.8%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-200
Status published
Products (13)
ibm/dashboard_application_services_hub 3.1.3
IBM Corporation/Tivoli Components 1.1
IBM Corporation/Tivoli Components 1.1.0.1
IBM Corporation/Tivoli Components 1.1.0.2
IBM Corporation/Tivoli Components 1.1.0.3
IBM Corporation/Tivoli Components 1.1.1
IBM Corporation/Tivoli Components 1.1.2
IBM Corporation/Tivoli Components 1.1.2.1
IBM Corporation/Tivoli Components 1.1.3
IBM Corporation/Tivoli Components 2.1
... and 3 more
Published Feb 02, 2017
Tracked Since Feb 18, 2026