CVE-2016-0238

{"id": "CVE-2016-0238", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 3.7, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.2}]}, "published": "2017-07-05T13:29:00.207", "references": [{"url": "http://www.ibm.com/support/docview.wss?uid=swg21989124", "tags": ["Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "http://www.securityfocus.com/bid/99379", "tags": ["Third Party Advisory", "VDB Entry"], "source": "psirt@us.ibm.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/110409", "tags": ["Vendor Advisory"], "source": "psirt@us.ibm.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "IBM Security Guardium 9.0, 9.1, 9.5, 10.0, and 10.1 transmits sensitive data in cleartext in the query of the request. This could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 110409"}, {"lang": "es", "value": "IBM Security Guardiam 9.0, 9.1, 9.5, 10.0 y 10.1 transmite informaci\u00f3n sensible en texto plano en la sentencia de la solicitud. Esto podr\u00eda permitir a un atacante obtener informaci\u00f3n sensible utilizando la t\u00e9cnica Man-In-TheMiddle. IBM X-Force ID:110409."}], "lastModified": "2017-07-11T17:07:41.700", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:security_guardium:9.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "64C62744-22BD-4038-8257-822ADDAC370D"}, {"criteria": "cpe:2.3:a:ibm:security_guardium:9.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "26EA5CC2-F4BE-4F22-AC85-1956EFA88B66"}, {"criteria": "cpe:2.3:a:ibm:security_guardium:9.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "37342DD2-055B-429C-9231-2D9FE70B5AE5"}, {"criteria": "cpe:2.3:a:ibm:security_guardium:10.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "552A0A69-388F-4842-A882-78F267D4BF09"}, {"criteria": "cpe:2.3:a:ibm:security_guardium:10.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "148A8443-DF7A-42AA-8D86-128CCC1D871E"}, {"criteria": "cpe:2.3:a:ibm:security_guardium:10.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "45E6B962-F8F8-4979-BC76-AE0B16EEB082"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@us.ibm.com"}