CVE-2016-8982: Infoleak
First published: Wed Feb 01 2017(Updated: )
IBM InfoSphere Information Server stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM DataStage | =8.7 | |
| IBM DataStage | =9.1 | |
| IBM DataStage | =11.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2016-8982?
CVE-2016-8982 is considered a medium severity vulnerability due to the potential for information disclosure.
How do I fix CVE-2016-8982?
To fix CVE-2016-8982, ensure that sensitive information is not included in URL parameters and implement secure coding practices.
What systems are affected by CVE-2016-8982?
CVE-2016-8982 affects IBM InfoSphere DataStage versions 8.7, 9.1, and 11.3.
What type of vulnerability is CVE-2016-8982?
CVE-2016-8982 is an information disclosure vulnerability that exposes sensitive data through URL parameters.
Who is at risk from CVE-2016-8982?
Organizations using affected versions of IBM InfoSphere DataStage may be at risk if unauthorized users gain access to server logs or URLs.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/references
- agent/last-modified-date
- agent/remedy
- agent/author
- agent/weakness
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/ibm
- canonical/ibm datastage
- version/ibm datastage/8.7
- version/ibm datastage/9.1
- version/ibm datastage/11.3