Spoofing Vulnerability in IBM BigFix Remote Control Software
CVE-2015-4954

5.9MEDIUM

Key Information:

Vendor: IBM
Status: Bigfix Remote Control
Vendor: CVE Published:; 27 March 2018

What is CVE-2015-4954?

The vulnerability in IBM BigFix Remote Control stems from its insufficient certificate validation process, allowing the use of self-signed certificates. This flaw can enable remote attackers to impersonate legitimate users or services, potentially exposing sensitive data or compromising system integrity through spoofing attacks. Addressing this vulnerability involves implementing stricter certificate validation and ensuring that only trusted certificates are accepted.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/105200

vdb-entryx_refsource_XF

http://www-01.ibm.com/support/docview.wss?uid=swg21972042

x_refsource_CONFIRM

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 27, 2018
Vulnerability Reserved
Jun 24, 2015