{"api_version":"1","generated_at":"2026-04-23T14:42:05+00:00","cve":"CVE-2017-1474","urls":{"html":"https://cve.report/CVE-2017-1474","api":"https://cve.report/api/cve/CVE-2017-1474.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2017-1474","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2017-1474"},"summary":{"title":"CVE-2017-1474","description":"IBM Security Access Manager Appliance 7.0.0, 8.0.0 through 8.0.1.6, and 9.0.0 through 9.0.3.1 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 128606.","state":"PUBLIC","assigner":"psirt@us.ibm.com","published_at":"2018-06-06 17:29:00","updated_at":"2019-10-09 23:26:00"},"problem_types":["CWE-200"],"metrics":[],"references":[{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/128606","name":"ibm-sam-cve20171474-info-disc(128606)","refsource":"XF","tags":["VDB Entry","Vendor Advisory"],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.ibm.com/support/docview.wss?uid=swg22012329","name":"http://www.ibm.com/support/docview.wss?uid=swg22012329","refsource":"CONFIRM","tags":["Patch","Vendor Advisory"],"title":"Security Bulletin: IBM Security Access Manager and IBM Tivoli Access Manager for e-business are affected by an information exposure vulnerability (CVE-2017-1474)","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/104476","name":"104476","refsource":"BID","tags":["Third Party Advisory","VDB Entry"],"title":"IBM Security Access Manager Appliance CVE-2017-1474 Unspecified Information Disclosure Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2017-1474","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-1474","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2017","cve_id":"1474","vulnerable":"1","versionEndIncluding":"9.0.3.1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"security_access_manager","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"1474","vulnerable":"1","versionEndIncluding":"8.0.1.6","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"security_access_manager_for_mobile","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"1474","vulnerable":"1","versionEndIncluding":"7.0.0.32","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"security_access_manager_for_web","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"1474","vulnerable":"1","versionEndIncluding":"8.0.1.6","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"security_access_manager_for_web","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"psirt@us.ibm.com","DATE_PUBLIC":"2018-06-04T00:00:00","ID":"CVE-2017-1474","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Security Access Manager","version":{"version_data":[{"version_value":"9.0.0.1"},{"version_value":"7.0.0"},{"version_value":"8.0.0"},{"version_value":"8.0.0.1"},{"version_value":"8.0.0.2"},{"version_value":"8.0.0.3"},{"version_value":"8.0.0.4"},{"version_value":"8.0.0.5"},{"version_value":"8.0.1"},{"version_value":"8.0.1.2"},{"version_value":"8.0.1.3"},{"version_value":"8.0.1.4"},{"version_value":"9.0.0"},{"version_value":"9.0.1.0"},{"version_value":"9.0.2.0"},{"version_value":"8.0.1.5"},{"version_value":"9.0.2.1"},{"version_value":"9.0.3"},{"version_value":"9.0.3.1"},{"version_value":"8.0.1.6"}]}}]},"vendor_name":"IBM"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"IBM Security Access Manager Appliance 7.0.0, 8.0.0 through 8.0.1.6, and 9.0.0 through 9.0.3.1 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 128606."}]},"impact":{"cvssv3":{"BM":{"A":"N","AC":"L","AV":"N","C":"L","I":"N","PR":"N","S":"U","SCORE":"5.300","UI":"N"},"TM":{"E":"U","RC":"C","RL":"O"}}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Obtain Information"}]}]},"references":{"reference_data":[{"name":"ibm-sam-cve20171474-info-disc(128606)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/128606"},{"name":"http://www.ibm.com/support/docview.wss?uid=swg22012329","refsource":"CONFIRM","url":"http://www.ibm.com/support/docview.wss?uid=swg22012329"},{"name":"104476","refsource":"BID","url":"http://www.securityfocus.com/bid/104476"}]}},"nvd":{"publishedDate":"2018-06-06 17:29:00","lastModifiedDate":"2019-10-09 23:26:00","problem_types":["CWE-200"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":5.3,"baseSeverity":"MEDIUM"},"exploitabilityScore":3.9,"impactScore":1.4},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":5},"severity":"MEDIUM","exploitabilityScore":10,"impactScore":2.9,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:ibm:security_access_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"9.0.0","versionEndIncluding":"9.0.3.1","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:ibm:security_access_manager_for_mobile:*:*:*:*:*:*:*:*","versionStartIncluding":"8.0.0","versionEndIncluding":"8.0.1.6","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:ibm:security_access_manager_for_web:*:*:*:*:*:*:*:*","versionStartIncluding":"8.0.0","versionEndIncluding":"8.0.1.6","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:ibm:security_access_manager_for_web:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0.0","versionEndIncluding":"7.0.0.32","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2017","CveId":"1474","Ordinal":"97547","Title":"CVE-2017-1474","CVE":"CVE-2017-1474","Year":"2017"},"notes":[{"CveYear":"2017","CveId":"1474","Ordinal":"1","NoteData":"IBM Security Access Manager Appliance 7.0.0, 8.0.0 through 8.0.1.6, and 9.0.0 through 9.0.3.1 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 128606.","Type":"Description","Title":null},{"CveYear":"2017","CveId":"1474","Ordinal":"2","NoteData":"2018-06-06","Type":"Other","Title":"Published"},{"CveYear":"2017","CveId":"1474","Ordinal":"3","NoteData":"2018-06-18","Type":"Other","Title":"Modified"}]}}}