XML Injection Vulnerability in IBM BigFix Remote Control
CVE-2016-2932

5.3MEDIUM

Key Information:

Vendor

IBM
Status
Bigfix Remote Control
Vendor
CVE Published:
30 November 2016

What is CVE-2016-2932?

IBM BigFix Remote Control versions prior to 9.1.3 are susceptible to XML injection, which may allow remote attackers to manipulate the application's behavior and potentially extract sensitive information. This vulnerability can be exploited through various unspecified vectors, potentially compromising the integrity and confidentiality of system communications. It is crucial for users of affected versions to apply necessary updates and implement security measures to protect their systems from potential unauthorized access.

References

http://www-01.ibm.com/support/docview.wss?uid=swg1IV89787
vendor-advisoryx_refsource_AIXAPAR
http://www.securityfocus.com/bid/94983
vdb-entryx_refsource_BID
http://www-01.ibm.com/support/docview.wss?uid=swg21991882
x_refsource_CONFIRM

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.