CVE-2016-5935

MEDIUM

IBM Jazz - Info Disclosure

Title source: llm

Description

IBM Jazz for Service Management could allow a remote attacker to obtain sensitive information, caused by the failure to properly validate the SSL certificate. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques.

References (2)

[Vendor Advisory] http://www.ibm.com/support/docview.wss?uid=swg21997711

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/96003

Scores

CVSS v3 5.9

EPSS 0.0012

EPSS Percentile 30.2%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Classification

CWE

CWE-200

Status published

Affected Products (13)

ibm/dashboard_application_services_hub

IBM Corporation/Tivoli Components < 1.1

IBM Corporation/Tivoli Components < 1.1.0.1

IBM Corporation/Tivoli Components < 1.1.0.2

IBM Corporation/Tivoli Components < 1.1.0.3

IBM Corporation/Tivoli Components < 2.1

IBM Corporation/Tivoli Components < 2.2

IBM Corporation/Tivoli Components < 1.1.1

IBM Corporation/Tivoli Components < 1.1.2

IBM Corporation/Tivoli Components < 1.1.2.1

IBM Corporation/Tivoli Components < 2.1.1.0

IBM Corporation/Tivoli Components < 2.1.1.2

IBM Corporation/Tivoli Components < 1.1.3

Timeline

Published Feb 02, 2017

Tracked Since Feb 18, 2026