CVE-2016-2927

5.9MEDIUM

Key Information:

Vendor: IBM
Status: Bigfix Remote Control
Vendor: CVE Published:; 25 November 2016

Summary

IBM BigFix Remote Control before 9.1.3 does not properly restrict the set of available encryption algorithms, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by sniffing the network and performing calculations on encrypted data.

References

http://www.securityfocus.com/bid/94561

vdb-entryx_refsource_BID

http://www-01.ibm.com/support/docview.wss?uid=swg21991875

x_refsource_CONFIRM

http://www-01.ibm.com/support/docview.wss?uid=swg1IV89792

vendor-advisoryx_refsource_AIXAPAR

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 25, 2016
Vulnerability Reserved
Mar 9, 2016

.