Spoofing Vulnerability in IBM BigFix Remote Control Software
CVE-2015-4954

5.9 MEDIUM

Key Information:

Vendor: IBM
CVE Published: 27 March 2018

Summary

The vulnerability in IBM BigFix Remote Control stems from its insufficient certificate validation process, allowing the use of self-signed certificates. This flaw can enable remote attackers to impersonate legitimate users or services, potentially exposing sensitive data or compromising system integrity through spoofing attacks. Addressing this vulnerability involves implementing stricter certificate validation and ensuring that only trusted certificates are accepted.

CVSS V3.1

Score: 5.9
Severity: MEDIUM
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
