Skip to main content

Websphere Extreme Scale CVE-2016-2861

LOW
Information Exposure (CWE-200)
2016-07-02 psirt@us.ibm.com
3.7
CVSS 3.0 · NVD

Severity by source

NVD PRIMARY
3.7 LOW
AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Jul 02, 2016 - 14:59 cve.org
LOW 3.7

DescriptionCVE.org

IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3, 7.1.1 before 7.1.1.1, 8.5 before 8.5.0.3, and 8.6 before 8.6.0.8 does not properly encrypt data, which makes it easier for remote attackers to obtain sensitive information by sniffing the network.

AnalysisAI

IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3, 7.1.1 before 7.1.1.1, 8.5 before 8.5.0.3, and 8.6 before 8.6.0.8 does not properly encrypt data, which makes it easier for remote attackers to obtain. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Technical ContextAI

This vulnerability is classified as Exposure of Sensitive Information (CWE-200), which allows attackers to access sensitive data that should not be disclosed. IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3, 7.1.1 before 7.1.1.1, 8.5 before 8.5.0.3, and 8.6 before 8.6.0.8 does not properly encrypt data, which makes it easier for remote attackers to obtain sensitive information by sniffing the network. Affected products include: Ibm Websphere Extreme Scale. Version information: before 7.1.0.3.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Minimize information in error messages, implement proper access controls, encrypt sensitive data at rest and in transit.

CVE-2016-0400 MEDIUM POC
6.1 Jul 02

CRLF injection vulnerability in IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3, 7.1.1 before 7.1.1.1, 8.5 before 8.5.0

CVE-2026-13772 CRITICAL
9.9 Jun 30

Arbitrary constructor invocation (leading to code execution) in IBM WebSphere eXtreme Scale 8.6.1.0 through 8.6.1.6 lets

CVE-2026-13759 HIGH
8.8 Jun 30

Remote code execution in IBM WebSphere eXtreme Scale 8.6.1.0-8.6.1.6 arises because three bundled ObjectInputStream subc

CVE-2013-5393 HIGH
7.5 Oct 16

The monitoring console in IBM WebSphere eXtreme Scale 7.1.0, 7.1.1, 8.5.0, and 8.6.0 does not properly process logoff ac

CVE-2026-13773 CRITICAL
10.0 Jun 30

Remote code execution in IBM WebSphere eXtreme Scale 8.6.1.0 through 8.6.1.6 arises from roughly 50 generated CORBA stub

CVE-2026-9002 MEDIUM
6.5 Jun 30

Denial of service in IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6 allows adjacent unauthenticated attackers to cr

CVE-2019-4109 MEDIUM
6.1 Sep 30

IBM WebSphere eXtreme Scale 8.6 Admin Console could allow a remote attacker to hijack the clicking action of the victim.

CVE-2015-2026 MEDIUM
6.0 Oct 04

Cross-site request forgery (CSRF) vulnerability in IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before 7.1

CVE-2019-4115 MEDIUM
5.4 Sep 30

IBM WebSphere eXtreme Scale 8.6 Admin API is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this

CVE-2015-4936 MEDIUM
5.0 Aug 03

Unspecified vulnerability in IBM WebSphere eXtreme Scale 8.6 through 8.6.0.8 allows remote attackers to cause a denial o

CVE-2015-2030 MEDIUM
5.0 Oct 04

IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before 7.1.1.1 has an improper account-lockout setting, which

CVE-2013-5394 MEDIUM
4.9 Oct 16

The monitoring console in IBM WebSphere eXtreme Scale 7.1.0, 7.1.1, 8.5.0, and 8.6.0 allows remote authenticated users t

Share

CVE-2016-2861 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy