Vulnerability in IBM BigFix Remote Control Affects User Password Security
CVE-2016-2929

8.1HIGH

Key Information:

Vendor
IBM
Status
Bigfix Remote Control
Vendor
CVE Published:
25 November 2016

Summary

IBM BigFix Remote Control prior to version 9.1.3 contains a vulnerability that fails to properly restrict the choices for user passwords. This issue may allow remote attackers to effectively exploit the system by employing brute-force techniques to guess passwords, potentially leading to unauthorized access. Organizations using affected versions should consider updating to ensure strong password policies are enforced, thereby enhancing their overall security posture.

References

http://www-01.ibm.com/support/docview.wss?uid=swg21991880
x_refsource_CONFIRM
http://www.securityfocus.com/bid/94560
vdb-entryx_refsource_BID
http://www-01.ibm.com/support/docview.wss?uid=swg1IV89789
vendor-advisoryx_refsource_AIXAPAR

CVSS V3.1

Score:
8.1
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.