CVE-2016-2870

low-risk

Published 2016-07-02

Buffer overflow in the CLI on IBM WebSphere DataPower XC10 appliances 2.1 and 2.5 allows remote authenticated users to cause a denial of service via unspecified vectors.

Do I need to act?

0.45% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 2.7/10 Low

NETWORK / LOW complexity

Affected Products (2)

Websphere Datapower Xc10 Appliance Firmware

Affected Vendors

Ibm

References (6)

http://www-01.ibm.com/support/docview.wss?uid=swg1IT14815

Vendor Advisory http://www-01.ibm.com/support/docview.wss?uid=swg21983035

http://www.securityfocus.com/bid/91551

http://www-01.ibm.com/support/docview.wss?uid=swg1IT14815

Vendor Advisory http://www-01.ibm.com/support/docview.wss?uid=swg21983035

http://www.securityfocus.com/bid/91551

/ 100

low-risk

Severity 14/34 · Moderate

Exploitability 2/34 · Minimal

Exposure 7/34 · Low