Vulnerability-Lookup

CVE-2016-6112 (GCVE-0-2016-6112)

Vulnerability from cvelistv5 – Published: 2017-05-22 20:00 – Updated: 2024-08-06 01:22

Summary

IBM Distributed Marketing and Marketing Platform 8.6, 9.0, 9.1, and 10.0 could allow an authenticated user to escalate their privileges and gain administrative permissions over the web application. IBM X-Force ID: 118282.

Severity

8.8 (High)


                        
                          CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

Gain Privileges

Assigner

ibm

References

1 reference

URL	Tags
http://www.ibm.com/support/docview.wss?uid=swg21992739	x_refsource_CONFIRM

Impacted products

1 product

Vendor	Product	Version
IBM Corporation	Marketing Platform	Affected: 8.0, 8.1, 8.2, 8.3, 8.5, 8.6, 9.0, 9.1, 9.1.1, 9.1.2, 10.0

Date Public

2017-05-17 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:22:20.588Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg21992739"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Marketing Platform",
          "vendor": "IBM Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "8.0, 8.1, 8.2, 8.3, 8.5, 8.6, 9.0, 9.1, 9.1.1, 9.1.2, 10.0"
            }
          ]
        }
      ],
      "datePublic": "2017-05-17T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Distributed Marketing and Marketing Platform 8.6, 9.0, 9.1, and 10.0 could allow an authenticated user to escalate their privileges and gain administrative permissions over the web application. IBM X-Force ID: 118282."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Gain Privileges",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-05-22T19:57:01.000Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg21992739"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2016-6112",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Marketing Platform",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "8.0, 8.1, 8.2, 8.3, 8.5, 8.6, 9.0, 9.1, 9.1.1, 9.1.2, 10.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Distributed Marketing and Marketing Platform 8.6, 9.0, 9.1, and 10.0 could allow an authenticated user to escalate their privileges and gain administrative permissions over the web application. IBM X-Force ID: 118282."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Gain Privileges"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg21992739",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg21992739"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2016-6112",
    "datePublished": "2017-05-22T20:00:00.000Z",
    "dateReserved": "2016-06-29T00:00:00.000Z",
    "dateUpdated": "2024-08-06T01:22:20.588Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2016-6112",
      "date": "2026-06-07",
      "epss": "0.00349",
      "percentile": "0.5768"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:marketing_platform:8.6.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B8A5AFAE-62C2-4606-8173-862BE8575821\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:marketing_platform:9.0.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AFFD0672-3CA3-41C4-B20C-884DF334A176\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:marketing_platform:9.1.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"56A0E390-060B-4037-BD87-B0F96DE21CFF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:marketing_platform:9.1.2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"805E751A-E060-48BC-B98A-5EBDA75DBCFD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:marketing_platform:10.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A394A760-E812-4D3C-9B00-F55EEA03CFB5\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:marketing_operations:8.6.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"ACFA73E2-B8C4-494F-B894-D25A024B4559\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:marketing_operations:9.0.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E41E05D9-5E80-42F3-B7A3-C1933EB5D873\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:marketing_operations:9.1.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AB557416-74AD-4E44-8440-1DEBD90AEC2B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:marketing_operations:10.0.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C4655821-4F02-4B21-B451-F627ECADAED1\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:distributed_marketing:8.6.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"67832F29-CC33-43DE-BE61-5534B2DCD03E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:distributed_marketing:9.0.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"286F79AB-AE7E-4A30-9290-7F197268203E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:distributed_marketing:9.1.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3E69AC4F-A5CB-4270-9AE7-706D4D59F61F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:distributed_marketing:10.0.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2E63FD79-9964-45C8-BE39-22D37ACECECD\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"IBM Distributed Marketing and Marketing Platform 8.6, 9.0, 9.1, and 10.0 could allow an authenticated user to escalate their privileges and gain administrative permissions over the web application. IBM X-Force ID: 118282.\"}, {\"lang\": \"es\", \"value\": \"IBM Distributed Marketing y Marketing Platform 8.6, 9.0, 9.1 y 10.0 podr\\u00eda permitir a un usuario autenticado escalar sus privilegios y obtener permisos administrativos sobre la aplicaci\\u00f3n web. IBM X-Force ID: 118282.\"}]",
      "id": "CVE-2016-6112",
      "lastModified": "2024-11-21T02:55:28.793",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:S/C:P/I:P/A:P\", \"baseScore\": 6.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2017-05-22T20:29:00.173",
      "references": "[{\"url\": \"http://www.ibm.com/support/docview.wss?uid=swg21992739\", \"source\": \"psirt@us.ibm.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.ibm.com/support/docview.wss?uid=swg21992739\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "psirt@us.ibm.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-264\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2016-6112\",\"sourceIdentifier\":\"psirt@us.ibm.com\",\"published\":\"2017-05-22T20:29:00.173\",\"lastModified\":\"2026-05-13T00:24:29.033\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"IBM Distributed Marketing and Marketing Platform 8.6, 9.0, 9.1, and 10.0 could allow an authenticated user to escalate their privileges and gain administrative permissions over the web application. IBM X-Force ID: 118282.\"},{\"lang\":\"es\",\"value\":\"IBM Distributed Marketing y Marketing Platform 8.6, 9.0, 9.1 y 10.0 podr\u00eda permitir a un usuario autenticado escalar sus privilegios y obtener permisos administrativos sobre la aplicaci\u00f3n web. IBM X-Force ID: 118282.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:P/I:P/A:P\",\"baseScore\":6.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-264\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:marketing_platform:8.6.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B8A5AFAE-62C2-4606-8173-862BE8575821\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:marketing_platform:9.0.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AFFD0672-3CA3-41C4-B20C-884DF334A176\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:marketing_platform:9.1.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"56A0E390-060B-4037-BD87-B0F96DE21CFF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:marketing_platform:9.1.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"805E751A-E060-48BC-B98A-5EBDA75DBCFD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:marketing_platform:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A394A760-E812-4D3C-9B00-F55EEA03CFB5\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:marketing_operations:8.6.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ACFA73E2-B8C4-494F-B894-D25A024B4559\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:marketing_operations:9.0.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E41E05D9-5E80-42F3-B7A3-C1933EB5D873\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:marketing_operations:9.1.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AB557416-74AD-4E44-8440-1DEBD90AEC2B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:marketing_operations:10.0.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C4655821-4F02-4B21-B451-F627ECADAED1\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:distributed_marketing:8.6.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"67832F29-CC33-43DE-BE61-5534B2DCD03E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:distributed_marketing:9.0.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"286F79AB-AE7E-4A30-9290-7F197268203E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:distributed_marketing:9.1.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3E69AC4F-A5CB-4270-9AE7-706D4D59F61F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:distributed_marketing:10.0.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2E63FD79-9964-45C8-BE39-22D37ACECECD\"}]}]}],\"references\":[{\"url\":\"http://www.ibm.com/support/docview.wss?uid=swg21992739\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.ibm.com/support/docview.wss?uid=swg21992739\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

CNVD-2017-07527

Vulnerability from cnvd - Published: 2017-05-26

Title

IBM Distributed Marketing、Marketing Platform和Marketing Operations远程权限提升漏洞

Description

IBM Distributed Marketing、Marketing Platform和Marketing Operations都是美国IBM公司的产品。IBM Distributed Marketing是一套全渠道营销解决方案。IBM Marketing Platform是一套支持营销人员利用和分析客户在网站、手机和社交媒体上的交互行为的营销平台。IBM Marketing Operations（前称IBM Unica Marketing Operations）是一套营销管理软件。 IBM Distributed Marketing、Marketing Platform和Marketing Operations中存在远程权限提升漏洞。攻击者可利用该漏洞提升权限，获取Web应用程序的管理员权限。

Severity

高

Patch Name

IBM Distributed Marketing、Marketing Platform和Marketing Operations远程权限提升漏洞的补丁

Patch Description

Formal description

目前厂商已经发布了升级补丁以修复此安全问题，补丁获取链接： http://www-01.ibm.com/support/docview.wss?uid=swg21992739

Reference

http://www-01.ibm.com/support/docview.wss?uid=swg21992739

Impacted products

Name
['IBM Marketing Platform 8.6.0.x', 'IBM Marketing Platform 9.0', 'IBM Marketing Platform 9.1x', 'IBM Marketing Platform 9.1.2.x', 'IBM Marketing Platform 10.0.0.x', 'IBM Marketing Operations 8.6.0.x', 'IBM Marketing Operations 9.0', 'IBM Marketing Operations 9.1x', 'IBM Marketing Operations 9.1.2.x', 'IBM Marketing Operations 10.0.0.x', 'IBM Distributed Marketing 8.6.0.x', 'IBM Distributed Marketing 9.0', 'IBM Distributed Marketing 9.1x', 'IBM Distributed Marketing 9.1.2.x', 'IBM Distributed Marketing 10.0.0.x']

Name

['IBM Marketing Platform 8.6.0.x', 'IBM Marketing Platform 9.0', 'IBM Marketing Platform 9.1x', 'IBM Marketing Platform 9.1.2.x', 'IBM Marketing Platform 10.0.0.x', 'IBM Marketing Operations 8.6.0.x', 'IBM Marketing Operations 9.0', 'IBM Marketing Operations 9.1x', 'IBM Marketing Operations 9.1.2.x', 'IBM Marketing Operations 10.0.0.x', 'IBM Distributed Marketing 8.6.0.x', 'IBM Distributed Marketing 9.0', 'IBM Distributed Marketing 9.1x', 'IBM Distributed Marketing 9.1.2.x', 'IBM Distributed Marketing 10.0.0.x']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "98619"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-6112"
    }
  },
  "description": "IBM Distributed Marketing\u3001Marketing Platform\u548cMarketing Operations\u90fd\u662f\u7f8e\u56fdIBM\u516c\u53f8\u7684\u4ea7\u54c1\u3002IBM Distributed Marketing\u662f\u4e00\u5957\u5168\u6e20\u9053\u8425\u9500\u89e3\u51b3\u65b9\u6848\u3002IBM Marketing Platform\u662f\u4e00\u5957\u652f\u6301\u8425\u9500\u4eba\u5458\u5229\u7528\u548c\u5206\u6790\u5ba2\u6237\u5728\u7f51\u7ad9\u3001\u624b\u673a\u548c\u793e\u4ea4\u5a92\u4f53\u4e0a\u7684\u4ea4\u4e92\u884c\u4e3a\u7684\u8425\u9500\u5e73\u53f0\u3002IBM Marketing Operations\uff08\u524d\u79f0IBM Unica Marketing Operations\uff09\u662f\u4e00\u5957\u8425\u9500\u7ba1\u7406\u8f6f\u4ef6\u3002\r\n\r\nIBM Distributed Marketing\u3001Marketing Platform\u548cMarketing Operations\u4e2d\u5b58\u5728\u8fdc\u7a0b\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u63d0\u5347\u6743\u9650\uff0c\u83b7\u53d6Web\u5e94\u7528\u7a0b\u5e8f\u7684\u7ba1\u7406\u5458\u6743\u9650\u3002",
  "discovererName": "IBM",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttp://www-01.ibm.com/support/docview.wss?uid=swg21992739",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-07527",
  "openTime": "2017-05-26",
  "patchDescription": "IBM Distributed Marketing\u3001Marketing Platform\u548cMarketing Operations\u90fd\u662f\u7f8e\u56fdIBM\u516c\u53f8\u7684\u4ea7\u54c1\u3002IBM Distributed Marketing\u662f\u4e00\u5957\u5168\u6e20\u9053\u8425\u9500\u89e3\u51b3\u65b9\u6848\u3002IBM Marketing Platform\u662f\u4e00\u5957\u652f\u6301\u8425\u9500\u4eba\u5458\u5229\u7528\u548c\u5206\u6790\u5ba2\u6237\u5728\u7f51\u7ad9\u3001\u624b\u673a\u548c\u793e\u4ea4\u5a92\u4f53\u4e0a\u7684\u4ea4\u4e92\u884c\u4e3a\u7684\u8425\u9500\u5e73\u53f0\u3002IBM Marketing Operations\uff08\u524d\u79f0IBM Unica Marketing Operations\uff09\u662f\u4e00\u5957\u8425\u9500\u7ba1\u7406\u8f6f\u4ef6\u3002\r\n\r\nIBM Distributed Marketing\u3001Marketing Platform\u548cMarketing Operations\u4e2d\u5b58\u5728\u8fdc\u7a0b\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u63d0\u5347\u6743\u9650\uff0c\u83b7\u53d6Web\u5e94\u7528\u7a0b\u5e8f\u7684\u7ba1\u7406\u5458\u6743\u9650\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "IBM Distributed Marketing\u3001Marketing Platform\u548cMarketing Operations\u8fdc\u7a0b\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "IBM Marketing Platform 8.6.0.x",
      "IBM Marketing Platform 9.0",
      "IBM Marketing Platform 9.1x",
      "IBM Marketing Platform 9.1.2.x",
      "IBM Marketing Platform 10.0.0.x",
      "IBM Marketing Operations 8.6.0.x",
      "IBM Marketing Operations 9.0",
      "IBM Marketing Operations 9.1x",
      "IBM Marketing Operations 9.1.2.x",
      "IBM Marketing Operations 10.0.0.x",
      "IBM Distributed Marketing 8.6.0.x",
      "IBM Distributed Marketing 9.0",
      "IBM Distributed Marketing 9.1x",
      "IBM Distributed Marketing 9.1.2.x",
      "IBM Distributed Marketing 10.0.0.x"
    ]
  },
  "referenceLink": "http://www-01.ibm.com/support/docview.wss?uid=swg21992739",
  "serverity": "\u9ad8",
  "submitTime": "2017-05-24",
  "title": "IBM Distributed Marketing\u3001Marketing Platform\u548cMarketing Operations\u8fdc\u7a0b\u6743\u9650\u63d0\u5347\u6f0f\u6d1e"
}

FKIE_CVE-2016-6112

Vulnerability from fkie_nvd - Published: 2017-05-22 20:29 - Updated: 2026-05-13 00:24

Severity

8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

References

	URL	Tags
	psirt@us.ibm.com	http://www.ibm.com/support/docview.wss?uid=swg21992739	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	http://www.ibm.com/support/docview.wss?uid=swg21992739	Vendor Advisory

Impacted products

Vendor	Product	Version
ibm	marketing_platform	8.6.0.0
ibm	marketing_platform	9.0.0.0
ibm	marketing_platform	9.1.0.0
ibm	marketing_platform	9.1.2.0
ibm	marketing_platform	10.0
ibm	marketing_operations	8.6.0.0
ibm	marketing_operations	9.0.0.0
ibm	marketing_operations	9.1.0.0
ibm	marketing_operations	10.0.0.0
ibm	distributed_marketing	8.6.0.0
ibm	distributed_marketing	9.0.0.0
ibm	distributed_marketing	9.1.0.0
ibm	distributed_marketing	10.0.0.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:marketing_platform:8.6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8A5AFAE-62C2-4606-8173-862BE8575821",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:marketing_platform:9.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AFFD0672-3CA3-41C4-B20C-884DF334A176",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:marketing_platform:9.1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "56A0E390-060B-4037-BD87-B0F96DE21CFF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:marketing_platform:9.1.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "805E751A-E060-48BC-B98A-5EBDA75DBCFD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:marketing_platform:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A394A760-E812-4D3C-9B00-F55EEA03CFB5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:marketing_operations:8.6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "ACFA73E2-B8C4-494F-B894-D25A024B4559",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:marketing_operations:9.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E41E05D9-5E80-42F3-B7A3-C1933EB5D873",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:marketing_operations:9.1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB557416-74AD-4E44-8440-1DEBD90AEC2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:marketing_operations:10.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4655821-4F02-4B21-B451-F627ECADAED1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:distributed_marketing:8.6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "67832F29-CC33-43DE-BE61-5534B2DCD03E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:distributed_marketing:9.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "286F79AB-AE7E-4A30-9290-7F197268203E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:distributed_marketing:9.1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E69AC4F-A5CB-4270-9AE7-706D4D59F61F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:distributed_marketing:10.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E63FD79-9964-45C8-BE39-22D37ACECECD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Distributed Marketing and Marketing Platform 8.6, 9.0, 9.1, and 10.0 could allow an authenticated user to escalate their privileges and gain administrative permissions over the web application. IBM X-Force ID: 118282."
    },
    {
      "lang": "es",
      "value": "IBM Distributed Marketing y Marketing Platform 8.6, 9.0, 9.1 y 10.0 podr\u00eda permitir a un usuario autenticado escalar sus privilegios y obtener permisos administrativos sobre la aplicaci\u00f3n web. IBM X-Force ID: 118282."
    }
  ],
  "id": "CVE-2016-6112",
  "lastModified": "2026-05-13T00:24:29.033",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-05-22T20:29:00.173",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg21992739"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg21992739"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-63QR-C54J-6569

Vulnerability from github – Published: 2022-05-17 02:43 – Updated: 2022-05-17 02:43

Details

Severity

8.8 (High)


                  
                    CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2016-6112"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-05-22T20:29:00Z",
    "severity": "HIGH"
  },
  "details": "IBM Distributed Marketing and Marketing Platform 8.6, 9.0, 9.1, and 10.0 could allow an authenticated user to escalate their privileges and gain administrative permissions over the web application. IBM X-Force ID: 118282.",
  "id": "GHSA-63qr-c54j-6569",
  "modified": "2022-05-17T02:43:13Z",
  "published": "2022-05-17T02:43:13Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6112"
    },
    {
      "type": "WEB",
      "url": "http://www.ibm.com/support/docview.wss?uid=swg21992739"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2016-6112

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2016-6112

Aliases

CVE-2016-6112

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2016-6112",
    "description": "IBM Distributed Marketing and Marketing Platform 8.6, 9.0, 9.1, and 10.0 could allow an authenticated user to escalate their privileges and gain administrative permissions over the web application. IBM X-Force ID: 118282.",
    "id": "GSD-2016-6112"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2016-6112"
      ],
      "details": "IBM Distributed Marketing and Marketing Platform 8.6, 9.0, 9.1, and 10.0 could allow an authenticated user to escalate their privileges and gain administrative permissions over the web application. IBM X-Force ID: 118282.",
      "id": "GSD-2016-6112",
      "modified": "2023-12-13T01:21:23.042444Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@us.ibm.com",
        "ID": "CVE-2016-6112",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Marketing Platform",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "8.0, 8.1, 8.2, 8.3, 8.5, 8.6, 9.0, 9.1, 9.1.1, 9.1.2, 10.0"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "IBM Corporation"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "IBM Distributed Marketing and Marketing Platform 8.6, 9.0, 9.1, and 10.0 could allow an authenticated user to escalate their privileges and gain administrative permissions over the web application. IBM X-Force ID: 118282."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Gain Privileges"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://www.ibm.com/support/docview.wss?uid=swg21992739",
            "refsource": "CONFIRM",
            "url": "http://www.ibm.com/support/docview.wss?uid=swg21992739"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:ibm:marketing_platform:8.6.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:marketing_platform:9.0.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:marketing_platform:9.1.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:marketing_platform:10.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:marketing_platform:9.1.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:ibm:marketing_operations:10.0.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:marketing_operations:8.6.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:marketing_operations:9.0.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:marketing_operations:9.1.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:ibm:distributed_marketing:8.6.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:distributed_marketing:10.0.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:distributed_marketing:9.0.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:distributed_marketing:9.1.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2016-6112"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "IBM Distributed Marketing and Marketing Platform 8.6, 9.0, 9.1, and 10.0 could allow an authenticated user to escalate their privileges and gain administrative permissions over the web application. IBM X-Force ID: 118282."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-264"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg21992739",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.ibm.com/support/docview.wss?uid=swg21992739"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2017-05-31T00:14Z",
      "publishedDate": "2017-05-22T20:29Z"
    }
  }
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2016-6112 (GCVE-0-2016-6112)

CNVD-2017-07527

FKIE_CVE-2016-6112

GHSA-63QR-C54J-6569

GSD-2016-6112

Tags

Sightings

Nomenclature