CVE-2016-6001

Published on: 02/01/2017 12:00:00 AM UTC

Last Modified on: 03/23/2021 11:27:11 PM UTC

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

Certain versions of Forms Experience Builder from Ibm contain the following vulnerability:

IBM Forms Experience Builder could be susceptible to a server-side request forgery (SSRF) from the application design interface allowing for some information disclosure of internal resources.

  • CVE-2016-6001 has been assigned by [email protected] to track the vulnerability - currently rated as LOW severity.
  • Affected Vendor/Software: IBM Corporation - Forms Experience Builder version 8.5.0
  • Affected Vendor/Software: IBM Corporation - Forms Experience Builder version 8.5.1
  • Affected Vendor/Software: IBM Corporation - Forms Experience Builder version 8.5
  • Affected Vendor/Software: IBM Corporation - Forms Experience Builder version 8.5.0.1
  • Affected Vendor/Software: IBM Corporation - Forms Experience Builder version 8.6

CVSS3 Score: 3.1 - LOW

Attack
Vector
Attack
Complexity
Privileges
Required
User
Interaction
NETWORK HIGH LOW NONE
Scope Confidentiality
Impact
Integrity
Impact
Availability
Impact
UNCHANGED LOW NONE NONE

CVSS2 Score: 3.5 - LOW

Access
Vector
Access
Complexity
Authentication
NETWORK MEDIUM SINGLE
Confidentiality
Impact
Integrity
Impact
Availability
Impact
PARTIAL NONE NONE

CVE References

Description Tags Link
IBM Forms Experience Builder CVE-2016-6001 Server Side Request Forgery Security Bypass Vulnerability Third Party Advisory
VDB Entry
cve.report (archive)
text/html
URL Logo BID 95777
IBM Security Bulletin: IBM Forms Experience Builder could be susceptible to a server-side request forgery (CVE-2016-6001) - United States Patch
Vendor Advisory
www.ibm.com
text/html
URL Logo CONFIRM www.ibm.com/support/docview.wss?uid=swg21991280

Known Affected Configurations (CPE V2.3)

Type Vendor Product Version Update Edition Language
ApplicationIbmForms Experience Builder8.5AllAllAll
ApplicationIbmForms Experience Builder8.5.1AllAllAll
ApplicationIbmForms Experience Builder8.6.0AllAllAll
ApplicationIbmForms Experience Builder8.5AllAllAll
ApplicationIbmForms Experience Builder8.5.1AllAllAll
ApplicationIbmForms Experience Builder8.6.0AllAllAll
  • cpe:2.3:a:ibm:forms_experience_builder:8.5:*:*:*:*:*:*:*:
  • cpe:2.3:a:ibm:forms_experience_builder:8.5.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:ibm:forms_experience_builder:8.6.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:ibm:forms_experience_builder:8.5:*:*:*:*:*:*:*:
  • cpe:2.3:a:ibm:forms_experience_builder:8.5.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:ibm:forms_experience_builder:8.6.0:*:*:*:*:*:*:*: