IBM BigFix Remote Control Vulnerability Exposes Sensitive Information
CVE-2016-2928

4.3MEDIUM

Key Information:

Vendor
IBM
Vendor
CVE Published:
25 November 2016

Summary

IBM BigFix Remote Control versions prior to 9.1.3 contain a vulnerability that enables remote authenticated users to read error logs, thereby exposing sensitive information. This issue arises from improper access controls that allow unauthorized retrieval of log information, which could include usernames and other sensitive data. Organizations using these affected versions should update to the latest release to mitigate the risk and enhance security.

References

CVSS V3.1

Score:
4.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.