{"api_version":"1","generated_at":"2026-05-01T08:13:06+00:00","cve":"CVE-2017-1272","urls":{"html":"https://cve.report/CVE-2017-1272","api":"https://cve.report/api/cve/CVE-2017-1272.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2017-1272","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2017-1272"},"summary":{"title":"CVE-2017-1272","description":"IBM Security Guardium 10.0 and 10.5 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 124747. IBM X-Force ID: 124747.","state":"PUBLIC","assigner":"psirt@us.ibm.com","published_at":"2018-12-17 16:29:00","updated_at":"2019-10-09 23:26:00"},"problem_types":["CWE-200"],"metrics":[],"references":[{"url":"https://www.ibm.com/support/docview.wss?uid=ibm10731655","name":"https://www.ibm.com/support/docview.wss?uid=ibm10731655","refsource":"CONFIRM","tags":["Vendor Advisory"],"title":"Security Bulletin: IBM Security Guardium is affected by a Query Parameter in SSL Request vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/106237","name":"106237","refsource":"BID","tags":["Third Party Advisory","VDB Entry"],"title":"IBM Security Guardium CVE-2017-1272 Information Disclosure Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/124747","name":"ibm-guardium-cve20171272-info-disc(124747)","refsource":"XF","tags":["VDB Entry","Vendor Advisory"],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2017-1272","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-1272","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2017","cve_id":"1272","vulnerable":"1","versionEndIncluding":"10.5","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"security_guardium","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"psirt@us.ibm.com","DATE_PUBLIC":"2018-12-13T00:00:00","ID":"CVE-2017-1272","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Security Guardium","version":{"version_data":[{"version_value":"10"},{"version_value":"10.5"}]}}]},"vendor_name":"IBM"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"IBM Security Guardium 10.0 and 10.5 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 124747. IBM X-Force ID: 124747."}]},"impact":{"cvssv3":{"BM":{"A":"N","AC":"H","AV":"N","C":"L","I":"N","PR":"N","S":"U","SCORE":"3.700","UI":"N"},"TM":{"E":"U","RC":"C","RL":"O"}}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Obtain Information"}]}]},"references":{"reference_data":[{"name":"ibm-guardium-cve20171272-info-disc(124747)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/124747"},{"name":"106237","refsource":"BID","url":"http://www.securityfocus.com/bid/106237"},{"name":"https://www.ibm.com/support/docview.wss?uid=ibm10731655","refsource":"CONFIRM","url":"https://www.ibm.com/support/docview.wss?uid=ibm10731655"}]}},"nvd":{"publishedDate":"2018-12-17 16:29:00","lastModifiedDate":"2019-10-09 23:26:00","problem_types":["CWE-200"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":5.3,"baseSeverity":"MEDIUM"},"exploitabilityScore":3.9,"impactScore":1.4},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":5},"severity":"MEDIUM","exploitabilityScore":10,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:ibm:security_guardium:*:*:*:*:*:*:*:*","versionStartIncluding":"10.0","versionEndIncluding":"10.5","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2017","CveId":"1272","Ordinal":"97345","Title":"CVE-2017-1272","CVE":"CVE-2017-1272","Year":"2017"},"notes":[{"CveYear":"2017","CveId":"1272","Ordinal":"1","NoteData":"IBM Security Guardium 10.0 and 10.5 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 124747. IBM X-Force ID: 124747.","Type":"Description","Title":null},{"CveYear":"2017","CveId":"1272","Ordinal":"2","NoteData":"2018-12-17","Type":"Other","Title":"Published"},{"CveYear":"2017","CveId":"1272","Ordinal":"3","NoteData":"2018-12-19","Type":"Other","Title":"Modified"}]}}}