Command Injection Vulnerability in IBM BigFix Platform
CVE-2016-0291

8.8HIGH

Key Information:

Vendor

IBM
Status
Bigfix Platform
Vendor
CVE Published:
28 February 2018

What is CVE-2016-0291?

IBM BigFix Platform versions 9.0, 9.1 (prior to 9.1.8), and 9.2 (prior to 9.2.8) are susceptible to a command injection vulnerability. Threat actors with authenticated access to the report server can exploit this flaw to execute arbitrary commands on the server, potentially compromising the system's integrity and confidentiality. Ensuring that all affected versions are updated is crucial for safeguarding sensitive information and enhancing the overall security posture.

References

http://www-01.ibm.com/support/docview.wss?uid=swg21985748
x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/111302
vdb-entryx_refsource_XF

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.