Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for Sterling Order Management by IBM Corporation

    CVE-2016-8917 (GCVE-0-2016-8917)

    Vulnerability from nvd – Published: 2017-03-31 18:00 – Updated: 2024-08-06 02:35
    VLAI
    Summary
    IBM Sterling Order Management 9.2 - 9.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM Reference #: 2000943.
    Severity
    No CVSS data available.
    CWE
    • Gain Access
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Corporation Sterling Order Management Affected: 8.5
    Affected: 8.0
    Affected: 9.1
    Affected: 9.2
    Affected: 9.2.1
    Affected: 9.3
    Affected: 9.4
    Affected: 9.5
    Create a notification for this product.
    Date Public
    2017-03-27 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T02:35:02.277Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.ibm.com/support/docview.wss?uid=swg22000943"
              },
              {
                "name": "97150",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/97150"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Sterling Order Management",
              "vendor": "IBM Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "8.5"
                },
                {
                  "status": "affected",
                  "version": "8.0"
                },
                {
                  "status": "affected",
                  "version": "9.1"
                },
                {
                  "status": "affected",
                  "version": "9.2"
                },
                {
                  "status": "affected",
                  "version": "9.2.1"
                },
                {
                  "status": "affected",
                  "version": "9.3"
                },
                {
                  "status": "affected",
                  "version": "9.4"
                },
                {
                  "status": "affected",
                  "version": "9.5"
                }
              ]
            }
          ],
          "datePublic": "2017-03-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Sterling Order Management 9.2 - 9.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM Reference #: 2000943."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Gain Access",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-04-03T09:57:01.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.ibm.com/support/docview.wss?uid=swg22000943"
            },
            {
              "name": "97150",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/97150"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "ID": "CVE-2016-8917",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Sterling Order Management",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "8.5"
                              },
                              {
                                "version_value": "8.0"
                              },
                              {
                                "version_value": "9.1"
                              },
                              {
                                "version_value": "9.2"
                              },
                              {
                                "version_value": "9.2.1"
                              },
                              {
                                "version_value": "9.3"
                              },
                              {
                                "version_value": "9.4"
                              },
                              {
                                "version_value": "9.5"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Sterling Order Management 9.2 - 9.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM Reference #: 2000943."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Gain Access"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.ibm.com/support/docview.wss?uid=swg22000943",
                  "refsource": "CONFIRM",
                  "url": "http://www.ibm.com/support/docview.wss?uid=swg22000943"
                },
                {
                  "name": "97150",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/97150"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2016-8917",
        "datePublished": "2017-03-31T18:00:00.000Z",
        "dateReserved": "2016-10-25T00:00:00.000Z",
        "dateUpdated": "2024-08-06T02:35:02.277Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-5953 (GCVE-0-2016-5953)

    Vulnerability from nvd – Published: 2017-02-01 22:00 – Updated: 2024-08-06 01:15
    VLAI
    Summary
    IBM Sterling Order Management transmits the session identifier within the URL. When a user is unable to view a certain view due to not being allowed permissions, the website responds with an error page where the session identifier is encoded as Base64 in the URL.
    Severity
    No CVSS data available.
    CWE
    • Obtain Information
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Corporation Sterling Order Management Affected: 8.5
    Affected: 8.0
    Affected: 9.1
    Affected: 9.2
    Affected: 9.2.1
    Affected: 9.3
    Affected: 9.4
    Affected: 9.5
    Create a notification for this product.
    Date Public
    2016-11-24 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T01:15:10.785Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.ibm.com/support/docview.wss?uid=swg21994521"
              },
              {
                "name": "95431",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/95431"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Sterling Order Management",
              "vendor": "IBM Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "8.5"
                },
                {
                  "status": "affected",
                  "version": "8.0"
                },
                {
                  "status": "affected",
                  "version": "9.1"
                },
                {
                  "status": "affected",
                  "version": "9.2"
                },
                {
                  "status": "affected",
                  "version": "9.2.1"
                },
                {
                  "status": "affected",
                  "version": "9.3"
                },
                {
                  "status": "affected",
                  "version": "9.4"
                },
                {
                  "status": "affected",
                  "version": "9.5"
                }
              ]
            }
          ],
          "datePublic": "2016-11-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Sterling Order Management transmits the session identifier within the URL. When a user is unable to view a certain view due to not being allowed permissions, the website responds with an error page where the session identifier is encoded as Base64 in the URL."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Obtain Information",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-02-02T10:57:01.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.ibm.com/support/docview.wss?uid=swg21994521"
            },
            {
              "name": "95431",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/95431"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "ID": "CVE-2016-5953",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Sterling Order Management",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "8.5"
                              },
                              {
                                "version_value": "8.0"
                              },
                              {
                                "version_value": "9.1"
                              },
                              {
                                "version_value": "9.2"
                              },
                              {
                                "version_value": "9.2.1"
                              },
                              {
                                "version_value": "9.3"
                              },
                              {
                                "version_value": "9.4"
                              },
                              {
                                "version_value": "9.5"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Sterling Order Management transmits the session identifier within the URL. When a user is unable to view a certain view due to not being allowed permissions, the website responds with an error page where the session identifier is encoded as Base64 in the URL."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Obtain Information"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.ibm.com/support/docview.wss?uid=swg21994521",
                  "refsource": "CONFIRM",
                  "url": "http://www.ibm.com/support/docview.wss?uid=swg21994521"
                },
                {
                  "name": "95431",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/95431"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2016-5953",
        "datePublished": "2017-02-01T22:00:00.000Z",
        "dateReserved": "2016-06-29T00:00:00.000Z",
        "dateUpdated": "2024-08-06T01:15:10.785Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-8917 (GCVE-0-2016-8917)

    Vulnerability from cvelistv5 – Published: 2017-03-31 18:00 – Updated: 2024-08-06 02:35
    VLAI
    Summary
    IBM Sterling Order Management 9.2 - 9.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM Reference #: 2000943.
    Severity
    No CVSS data available.
    CWE
    • Gain Access
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Corporation Sterling Order Management Affected: 8.5
    Affected: 8.0
    Affected: 9.1
    Affected: 9.2
    Affected: 9.2.1
    Affected: 9.3
    Affected: 9.4
    Affected: 9.5
    Create a notification for this product.
    Date Public
    2017-03-27 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T02:35:02.277Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.ibm.com/support/docview.wss?uid=swg22000943"
              },
              {
                "name": "97150",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/97150"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Sterling Order Management",
              "vendor": "IBM Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "8.5"
                },
                {
                  "status": "affected",
                  "version": "8.0"
                },
                {
                  "status": "affected",
                  "version": "9.1"
                },
                {
                  "status": "affected",
                  "version": "9.2"
                },
                {
                  "status": "affected",
                  "version": "9.2.1"
                },
                {
                  "status": "affected",
                  "version": "9.3"
                },
                {
                  "status": "affected",
                  "version": "9.4"
                },
                {
                  "status": "affected",
                  "version": "9.5"
                }
              ]
            }
          ],
          "datePublic": "2017-03-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Sterling Order Management 9.2 - 9.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM Reference #: 2000943."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Gain Access",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-04-03T09:57:01.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.ibm.com/support/docview.wss?uid=swg22000943"
            },
            {
              "name": "97150",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/97150"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "ID": "CVE-2016-8917",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Sterling Order Management",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "8.5"
                              },
                              {
                                "version_value": "8.0"
                              },
                              {
                                "version_value": "9.1"
                              },
                              {
                                "version_value": "9.2"
                              },
                              {
                                "version_value": "9.2.1"
                              },
                              {
                                "version_value": "9.3"
                              },
                              {
                                "version_value": "9.4"
                              },
                              {
                                "version_value": "9.5"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Sterling Order Management 9.2 - 9.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM Reference #: 2000943."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Gain Access"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.ibm.com/support/docview.wss?uid=swg22000943",
                  "refsource": "CONFIRM",
                  "url": "http://www.ibm.com/support/docview.wss?uid=swg22000943"
                },
                {
                  "name": "97150",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/97150"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2016-8917",
        "datePublished": "2017-03-31T18:00:00.000Z",
        "dateReserved": "2016-10-25T00:00:00.000Z",
        "dateUpdated": "2024-08-06T02:35:02.277Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-5953 (GCVE-0-2016-5953)

    Vulnerability from cvelistv5 – Published: 2017-02-01 22:00 – Updated: 2024-08-06 01:15
    VLAI
    Summary
    IBM Sterling Order Management transmits the session identifier within the URL. When a user is unable to view a certain view due to not being allowed permissions, the website responds with an error page where the session identifier is encoded as Base64 in the URL.
    Severity
    No CVSS data available.
    CWE
    • Obtain Information
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Corporation Sterling Order Management Affected: 8.5
    Affected: 8.0
    Affected: 9.1
    Affected: 9.2
    Affected: 9.2.1
    Affected: 9.3
    Affected: 9.4
    Affected: 9.5
    Create a notification for this product.
    Date Public
    2016-11-24 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T01:15:10.785Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.ibm.com/support/docview.wss?uid=swg21994521"
              },
              {
                "name": "95431",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/95431"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Sterling Order Management",
              "vendor": "IBM Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "8.5"
                },
                {
                  "status": "affected",
                  "version": "8.0"
                },
                {
                  "status": "affected",
                  "version": "9.1"
                },
                {
                  "status": "affected",
                  "version": "9.2"
                },
                {
                  "status": "affected",
                  "version": "9.2.1"
                },
                {
                  "status": "affected",
                  "version": "9.3"
                },
                {
                  "status": "affected",
                  "version": "9.4"
                },
                {
                  "status": "affected",
                  "version": "9.5"
                }
              ]
            }
          ],
          "datePublic": "2016-11-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Sterling Order Management transmits the session identifier within the URL. When a user is unable to view a certain view due to not being allowed permissions, the website responds with an error page where the session identifier is encoded as Base64 in the URL."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Obtain Information",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-02-02T10:57:01.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.ibm.com/support/docview.wss?uid=swg21994521"
            },
            {
              "name": "95431",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/95431"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "ID": "CVE-2016-5953",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Sterling Order Management",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "8.5"
                              },
                              {
                                "version_value": "8.0"
                              },
                              {
                                "version_value": "9.1"
                              },
                              {
                                "version_value": "9.2"
                              },
                              {
                                "version_value": "9.2.1"
                              },
                              {
                                "version_value": "9.3"
                              },
                              {
                                "version_value": "9.4"
                              },
                              {
                                "version_value": "9.5"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Sterling Order Management transmits the session identifier within the URL. When a user is unable to view a certain view due to not being allowed permissions, the website responds with an error page where the session identifier is encoded as Base64 in the URL."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Obtain Information"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.ibm.com/support/docview.wss?uid=swg21994521",
                  "refsource": "CONFIRM",
                  "url": "http://www.ibm.com/support/docview.wss?uid=swg21994521"
                },
                {
                  "name": "95431",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/95431"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2016-5953",
        "datePublished": "2017-02-01T22:00:00.000Z",
        "dateReserved": "2016-06-29T00:00:00.000Z",
        "dateUpdated": "2024-08-06T01:15:10.785Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }