IBM BigFix Remote Control Vulnerability Exposes Sensitive Information
CVE-2016-2928

4.3MEDIUM

Key Information:

Vendor
IBM
Status
Bigfix Remote Control
Vendor
CVE Published:
25 November 2016

Summary

IBM BigFix Remote Control versions prior to 9.1.3 contain a vulnerability that enables remote authenticated users to read error logs, thereby exposing sensitive information. This issue arises from improper access controls that allow unauthorized retrieval of log information, which could include usernames and other sensitive data. Organizations using these affected versions should update to the latest release to mitigate the risk and enhance security.

References

http://www-01.ibm.com/support/docview.wss?uid=swg1IV89748
vendor-advisoryx_refsource_AIXAPAR
http://www-01.ibm.com/support/docview.wss?uid=swg21991951
x_refsource_CONFIRM
http://www.securityfocus.com/bid/94556
vdb-entryx_refsource_BID

CVSS V3.1

Score:
4.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.