CVE-2017-1272: Infoleak
First published: Mon Dec 17 2018(Updated: )
IBM Security Guardium 10.0 and 10.5 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 124747. IBM X-Force ID: 124747.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM InfoSphere Guardium z/OS | >=10.0<=10.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2017-1272?
The severity of CVE-2017-1272 is considered to be moderate due to the risk of information disclosure.
How do I fix CVE-2017-1272?
To fix CVE-2017-1272, IBM recommends upgrading to the latest version of IBM Security Guardium that addresses this issue.
What type of information is exposed in CVE-2017-1272?
CVE-2017-1272 exposes sensitive information stored in URL parameters which may lead to unauthorized access.
Which versions of IBM Security Guardium are affected by CVE-2017-1272?
CVE-2017-1272 affects IBM Security Guardium versions 10.0 and 10.5.
What could potentially exploit CVE-2017-1272?
Unauthorized parties could exploit CVE-2017-1272 through access to server logs, the referrer header, or browser history.
- agent/type
- agent/softwarecombine
- agent/author
- agent/weakness
- agent/severity
- agent/references
- agent/description
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/first-publish-date
- agent/last-modified-date
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/ibm
- canonical/ibm infosphere guardium z/os
- version/ibm infosphere guardium z/os/10.0
- version/ibm infosphere guardium z/os/10.5