CNVD-2017-07527

Vulnerability from cnvd - Published: 2017-05-26
VLAI Severity ?
Title
IBM Distributed Marketing、Marketing Platform和Marketing Operations远程权限提升漏洞
Description
IBM Distributed Marketing、Marketing Platform和Marketing Operations都是美国IBM公司的产品。IBM Distributed Marketing是一套全渠道营销解决方案。IBM Marketing Platform是一套支持营销人员利用和分析客户在网站、手机和社交媒体上的交互行为的营销平台。IBM Marketing Operations(前称IBM Unica Marketing Operations)是一套营销管理软件。 IBM Distributed Marketing、Marketing Platform和Marketing Operations中存在远程权限提升漏洞。攻击者可利用该漏洞提升权限,获取Web应用程序的管理员权限。
Severity
Patch Name
IBM Distributed Marketing、Marketing Platform和Marketing Operations远程权限提升漏洞的补丁
Patch Description
IBM Distributed Marketing、Marketing Platform和Marketing Operations都是美国IBM公司的产品。IBM Distributed Marketing是一套全渠道营销解决方案。IBM Marketing Platform是一套支持营销人员利用和分析客户在网站、手机和社交媒体上的交互行为的营销平台。IBM Marketing Operations(前称IBM Unica Marketing Operations)是一套营销管理软件。 IBM Distributed Marketing、Marketing Platform和Marketing Operations中存在远程权限提升漏洞。攻击者可利用该漏洞提升权限,获取Web应用程序的管理员权限。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description

目前厂商已经发布了升级补丁以修复此安全问题,补丁获取链接: http://www-01.ibm.com/support/docview.wss?uid=swg21992739

Reference
http://www-01.ibm.com/support/docview.wss?uid=swg21992739
Impacted products
Name
['IBM Marketing Platform 8.6.0.x', 'IBM Marketing Platform 9.0', 'IBM Marketing Platform 9.1x', 'IBM Marketing Platform 9.1.2.x', 'IBM Marketing Platform 10.0.0.x', 'IBM Marketing Operations 8.6.0.x', 'IBM Marketing Operations 9.0', 'IBM Marketing Operations 9.1x', 'IBM Marketing Operations 9.1.2.x', 'IBM Marketing Operations 10.0.0.x', 'IBM Distributed Marketing 8.6.0.x', 'IBM Distributed Marketing 9.0', 'IBM Distributed Marketing 9.1x', 'IBM Distributed Marketing 9.1.2.x', 'IBM Distributed Marketing 10.0.0.x']
Show details on source website
To clipboard 

{
  "bids": {
    "bid": {
      "bidNumber": "98619"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-6112"
    }
  },
  "description": "IBM Distributed Marketing\u3001Marketing Platform\u548cMarketing Operations\u90fd\u662f\u7f8e\u56fdIBM\u516c\u53f8\u7684\u4ea7\u54c1\u3002IBM Distributed Marketing\u662f\u4e00\u5957\u5168\u6e20\u9053\u8425\u9500\u89e3\u51b3\u65b9\u6848\u3002IBM Marketing Platform\u662f\u4e00\u5957\u652f\u6301\u8425\u9500\u4eba\u5458\u5229\u7528\u548c\u5206\u6790\u5ba2\u6237\u5728\u7f51\u7ad9\u3001\u624b\u673a\u548c\u793e\u4ea4\u5a92\u4f53\u4e0a\u7684\u4ea4\u4e92\u884c\u4e3a\u7684\u8425\u9500\u5e73\u53f0\u3002IBM Marketing Operations\uff08\u524d\u79f0IBM Unica Marketing Operations\uff09\u662f\u4e00\u5957\u8425\u9500\u7ba1\u7406\u8f6f\u4ef6\u3002\r\n\r\nIBM Distributed Marketing\u3001Marketing Platform\u548cMarketing Operations\u4e2d\u5b58\u5728\u8fdc\u7a0b\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u63d0\u5347\u6743\u9650\uff0c\u83b7\u53d6Web\u5e94\u7528\u7a0b\u5e8f\u7684\u7ba1\u7406\u5458\u6743\u9650\u3002",
  "discovererName": "IBM",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttp://www-01.ibm.com/support/docview.wss?uid=swg21992739",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-07527",
  "openTime": "2017-05-26",
  "patchDescription": "IBM Distributed Marketing\u3001Marketing Platform\u548cMarketing Operations\u90fd\u662f\u7f8e\u56fdIBM\u516c\u53f8\u7684\u4ea7\u54c1\u3002IBM Distributed Marketing\u662f\u4e00\u5957\u5168\u6e20\u9053\u8425\u9500\u89e3\u51b3\u65b9\u6848\u3002IBM Marketing Platform\u662f\u4e00\u5957\u652f\u6301\u8425\u9500\u4eba\u5458\u5229\u7528\u548c\u5206\u6790\u5ba2\u6237\u5728\u7f51\u7ad9\u3001\u624b\u673a\u548c\u793e\u4ea4\u5a92\u4f53\u4e0a\u7684\u4ea4\u4e92\u884c\u4e3a\u7684\u8425\u9500\u5e73\u53f0\u3002IBM Marketing Operations\uff08\u524d\u79f0IBM Unica Marketing Operations\uff09\u662f\u4e00\u5957\u8425\u9500\u7ba1\u7406\u8f6f\u4ef6\u3002\r\n\r\nIBM Distributed Marketing\u3001Marketing Platform\u548cMarketing Operations\u4e2d\u5b58\u5728\u8fdc\u7a0b\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u63d0\u5347\u6743\u9650\uff0c\u83b7\u53d6Web\u5e94\u7528\u7a0b\u5e8f\u7684\u7ba1\u7406\u5458\u6743\u9650\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "IBM Distributed Marketing\u3001Marketing Platform\u548cMarketing Operations\u8fdc\u7a0b\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "IBM Marketing Platform 8.6.0.x",
      "IBM Marketing Platform 9.0",
      "IBM Marketing Platform 9.1x",
      "IBM Marketing Platform 9.1.2.x",
      "IBM Marketing Platform 10.0.0.x",
      "IBM Marketing Operations 8.6.0.x",
      "IBM Marketing Operations 9.0",
      "IBM Marketing Operations 9.1x",
      "IBM Marketing Operations 9.1.2.x",
      "IBM Marketing Operations 10.0.0.x",
      "IBM Distributed Marketing 8.6.0.x",
      "IBM Distributed Marketing 9.0",
      "IBM Distributed Marketing 9.1x",
      "IBM Distributed Marketing 9.1.2.x",
      "IBM Distributed Marketing 10.0.0.x"
    ]
  },
  "referenceLink": "http://www-01.ibm.com/support/docview.wss?uid=swg21992739",
  "serverity": "\u9ad8",
  "submitTime": "2017-05-24",
  "title": "IBM Distributed Marketing\u3001Marketing Platform\u548cMarketing Operations\u8fdc\u7a0b\u6743\u9650\u63d0\u5347\u6f0f\u6d1e"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.