CVE-2017-1516 (GCVE-0-2017-1516)
Vulnerability from cvelistv5 – Published: 2018-01-26 21:00 – Updated: 2024-09-16 19:01
VLAI?
Summary
IBM Doors Web Access 9.5 and 9.6 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 129826.
Severity ?
No CVSS data available.
CWE
- Gain Access
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Rational DOORS |
Affected:
9.5
Affected: 9.5.0.1 Affected: 9.5.1 Affected: 9.5.1.1 Affected: 9.5.1.2 Affected: 9.5.2 Affected: 9.5.2.1 Affected: 9.6 Affected: 9.5.0.2 Affected: 9.5.0.3 Affected: 9.5.1.3 Affected: 9.5.1.4 Affected: 9.5.2.2 Affected: 9.5.2.3 Affected: 9.6.0.1 Affected: 9.6.0.2 Affected: 9.6.1 Affected: 9.6.1.1 Affected: 9.5.0.4 Affected: 9.5.1.5 Affected: 9.5.2.4 Affected: 9.6.0.3 Affected: 9.6.1.2 Affected: 9.6.1.3 Affected: 9.6.1.4 Affected: 9.5.0.5 Affected: 9.5.1.6 Affected: 9.5.2.5 Affected: 9.6.0.4 Affected: 9.5.0.6 Affected: 9.5.1.7 Affected: 9.5.2.6 Affected: 9.6.0.5 Affected: 9.6.1.5 Affected: 9.6.1.6 Affected: 9.6.1.7 Affected: 9.5.0.7 Affected: 9.5.1.8 Affected: 9.5.2.7 Affected: 9.6.0.6 Affected: 9.6.1.8 Affected: 9.6.1.9 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:32:29.949Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/129826"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22012789"
},
{
"name": "102867",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102867"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Rational DOORS",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "9.5"
},
{
"status": "affected",
"version": "9.5.0.1"
},
{
"status": "affected",
"version": "9.5.1"
},
{
"status": "affected",
"version": "9.5.1.1"
},
{
"status": "affected",
"version": "9.5.1.2"
},
{
"status": "affected",
"version": "9.5.2"
},
{
"status": "affected",
"version": "9.5.2.1"
},
{
"status": "affected",
"version": "9.6"
},
{
"status": "affected",
"version": "9.5.0.2"
},
{
"status": "affected",
"version": "9.5.0.3"
},
{
"status": "affected",
"version": "9.5.1.3"
},
{
"status": "affected",
"version": "9.5.1.4"
},
{
"status": "affected",
"version": "9.5.2.2"
},
{
"status": "affected",
"version": "9.5.2.3"
},
{
"status": "affected",
"version": "9.6.0.1"
},
{
"status": "affected",
"version": "9.6.0.2"
},
{
"status": "affected",
"version": "9.6.1"
},
{
"status": "affected",
"version": "9.6.1.1"
},
{
"status": "affected",
"version": "9.5.0.4"
},
{
"status": "affected",
"version": "9.5.1.5"
},
{
"status": "affected",
"version": "9.5.2.4"
},
{
"status": "affected",
"version": "9.6.0.3"
},
{
"status": "affected",
"version": "9.6.1.2"
},
{
"status": "affected",
"version": "9.6.1.3"
},
{
"status": "affected",
"version": "9.6.1.4"
},
{
"status": "affected",
"version": "9.5.0.5"
},
{
"status": "affected",
"version": "9.5.1.6"
},
{
"status": "affected",
"version": "9.5.2.5"
},
{
"status": "affected",
"version": "9.6.0.4"
},
{
"status": "affected",
"version": "9.5.0.6"
},
{
"status": "affected",
"version": "9.5.1.7"
},
{
"status": "affected",
"version": "9.5.2.6"
},
{
"status": "affected",
"version": "9.6.0.5"
},
{
"status": "affected",
"version": "9.6.1.5"
},
{
"status": "affected",
"version": "9.6.1.6"
},
{
"status": "affected",
"version": "9.6.1.7"
},
{
"status": "affected",
"version": "9.5.0.7"
},
{
"status": "affected",
"version": "9.5.1.8"
},
{
"status": "affected",
"version": "9.5.2.7"
},
{
"status": "affected",
"version": "9.6.0.6"
},
{
"status": "affected",
"version": "9.6.1.8"
},
{
"status": "affected",
"version": "9.6.1.9"
}
]
}
],
"datePublic": "2018-01-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Doors Web Access 9.5 and 9.6 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim\u0027s click actions and possibly launch further attacks against the victim. IBM X-Force ID: 129826."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-02-01T10:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/129826"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22012789"
},
{
"name": "102867",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102867"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-01-23T00:00:00",
"ID": "CVE-2017-1516",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Rational DOORS",
"version": {
"version_data": [
{
"version_value": "9.5"
},
{
"version_value": "9.5.0.1"
},
{
"version_value": "9.5.1"
},
{
"version_value": "9.5.1.1"
},
{
"version_value": "9.5.1.2"
},
{
"version_value": "9.5.2"
},
{
"version_value": "9.5.2.1"
},
{
"version_value": "9.6"
},
{
"version_value": "9.5.0.2"
},
{
"version_value": "9.5.0.3"
},
{
"version_value": "9.5.1.3"
},
{
"version_value": "9.5.1.4"
},
{
"version_value": "9.5.2.2"
},
{
"version_value": "9.5.2.3"
},
{
"version_value": "9.6.0.1"
},
{
"version_value": "9.6.0.2"
},
{
"version_value": "9.6.1"
},
{
"version_value": "9.6.1.1"
},
{
"version_value": "9.5.0.4"
},
{
"version_value": "9.5.1.5"
},
{
"version_value": "9.5.2.4"
},
{
"version_value": "9.6.0.3"
},
{
"version_value": "9.6.1.2"
},
{
"version_value": "9.6.1.3"
},
{
"version_value": "9.6.1.4"
},
{
"version_value": "9.5.0.5"
},
{
"version_value": "9.5.1.6"
},
{
"version_value": "9.5.2.5"
},
{
"version_value": "9.6.0.4"
},
{
"version_value": "9.5.0.6"
},
{
"version_value": "9.5.1.7"
},
{
"version_value": "9.5.2.6"
},
{
"version_value": "9.6.0.5"
},
{
"version_value": "9.6.1.5"
},
{
"version_value": "9.6.1.6"
},
{
"version_value": "9.6.1.7"
},
{
"version_value": "9.5.0.7"
},
{
"version_value": "9.5.1.8"
},
{
"version_value": "9.5.2.7"
},
{
"version_value": "9.6.0.6"
},
{
"version_value": "9.6.1.8"
},
{
"version_value": "9.6.1.9"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Doors Web Access 9.5 and 9.6 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim\u0027s click actions and possibly launch further attacks against the victim. IBM X-Force ID: 129826."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/129826",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/129826"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22012789",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22012789"
},
{
"name": "102867",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102867"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2017-1516",
"datePublished": "2018-01-26T21:00:00Z",
"dateReserved": "2016-11-30T00:00:00",
"dateUpdated": "2024-09-16T19:01:07.973Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:rational_doors:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"9.5.0.0\", \"versionEndIncluding\": \"9.5.0.7\", \"matchCriteriaId\": \"18D8B61D-8C61-47FE-9333-46D3BBC2054E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:rational_doors:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"9.5.1.0\", \"versionEndIncluding\": \"9.5.1.8\", \"matchCriteriaId\": \"D663D277-4979-44F4-8AC4-40C609213859\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:rational_doors:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"9.5.2.0\", \"versionEndIncluding\": \"9.5.2.7\", \"matchCriteriaId\": \"E602E686-F359-4A68-8F2F-85FA40AEDD66\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:rational_doors:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"9.6.0.0\", \"versionEndIncluding\": \"9.6.0.6\", \"matchCriteriaId\": \"0F09A87C-CF16-485D-ACD6-A59836A6693C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:rational_doors:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"9.6.1.0\", \"versionEndIncluding\": \"9.6.1.9\", \"matchCriteriaId\": \"FE5CAEFC-C2D9-45F0-9BD4-2315DEC1DEC3\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"IBM Doors Web Access 9.5 and 9.6 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim\u0027s click actions and possibly launch further attacks against the victim. IBM X-Force ID: 129826.\"}, {\"lang\": \"es\", \"value\": \"IBM Doors Web Access 9.5 y 9.6 podr\\u00eda permitir que un atacante remoto realizase un secuestro de clic a la v\\u00edctima. Al persuadir a una v\\u00edctima para que visite un sitio web malicioso, un atacante remoto podr\\u00eda explotar esta vulnerabilidad para secuestrar las acciones de clicado de la v\\u00edctima y, probablemente, lanzar m\\u00e1s ataques contra la v\\u00edctima. IBM X-Force ID: 129826.\"}]",
"id": "CVE-2017-1516",
"lastModified": "2024-11-21T03:22:00.320",
"metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N\", \"baseScore\": 5.4, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.3, \"impactScore\": 2.7}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:S/C:N/I:P/A:N\", \"baseScore\": 3.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"LOW\", \"exploitabilityScore\": 6.8, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
"published": "2018-01-26T21:29:00.570",
"references": "[{\"url\": \"http://www.ibm.com/support/docview.wss?uid=swg22012789\", \"source\": \"psirt@us.ibm.com\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/102867\", \"source\": \"psirt@us.ibm.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/129826\", \"source\": \"psirt@us.ibm.com\", \"tags\": [\"VDB Entry\", \"Vendor Advisory\"]}, {\"url\": \"http://www.ibm.com/support/docview.wss?uid=swg22012789\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/102867\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/129826\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"VDB Entry\", \"Vendor Advisory\"]}]",
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-20\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2017-1516\",\"sourceIdentifier\":\"psirt@us.ibm.com\",\"published\":\"2018-01-26T21:29:00.570\",\"lastModified\":\"2025-02-05T18:38:27.383\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"IBM Doors Web Access 9.5 and 9.6 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim\u0027s click actions and possibly launch further attacks against the victim. IBM X-Force ID: 129826.\"},{\"lang\":\"es\",\"value\":\"IBM Doors Web Access 9.5 y 9.6 podr\u00eda permitir que un atacante remoto realizase un secuestro de clic a la v\u00edctima. Al persuadir a una v\u00edctima para que visite un sitio web malicioso, un atacante remoto podr\u00eda explotar esta vulnerabilidad para secuestrar las acciones de clicado de la v\u00edctima y, probablemente, lanzar m\u00e1s ataques contra la v\u00edctima. IBM X-Force ID: 129826.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":5.4,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.3,\"impactScore\":2.7}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:S/C:N/I:P/A:N\",\"baseScore\":3.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":6.8,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:engineering_requirements_management_doors:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"9.5.0.0\",\"versionEndIncluding\":\"9.5.0.7\",\"matchCriteriaId\":\"96E0933B-B5DE-4D2D-A618-399EDCA60BEC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:engineering_requirements_management_doors:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"9.5.1.0\",\"versionEndIncluding\":\"9.5.1.8\",\"matchCriteriaId\":\"F5CC40FB-5AFC-4170-87AA-3EA32BC005AD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:engineering_requirements_management_doors:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"9.5.2.0\",\"versionEndIncluding\":\"9.5.2.7\",\"matchCriteriaId\":\"A5749236-FBDA-4CB8-9B0A-B14E74F5D07C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:engineering_requirements_management_doors:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"9.6.0.0\",\"versionEndIncluding\":\"9.6.0.6\",\"matchCriteriaId\":\"DC96FBA4-2236-4ABF-AA1F-655A00D79F56\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:engineering_requirements_management_doors:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"9.6.1.0\",\"versionEndIncluding\":\"9.6.1.9\",\"matchCriteriaId\":\"8E068BAB-D96A-49D0-AE8C-049D76F8CF17\"}]}]}],\"references\":[{\"url\":\"http://www.ibm.com/support/docview.wss?uid=swg22012789\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/102867\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/129826\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"VDB Entry\",\"Vendor Advisory\"]},{\"url\":\"http://www.ibm.com/support/docview.wss?uid=swg22012789\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/102867\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/129826\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"VDB Entry\",\"Vendor Advisory\"]}]}}"
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…