CVE-2016-5953
CVE-2016-5953
Vexday Risk Score
3Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS —EPSS 0.8%KEV nãoPoC —Nuclei —Metasploit —Patch —
Lifecycle
01 Feb 2017Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
IBM Sterling Order Management transmits the session identifier within the URL. When a user is unable to view a certain view due to not being allowed permissions, the website responds with an error page where the session identifier is encoded as Base64 in the URL.
Affected products
IBM Corporation · Sterling Order ManagementWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →