Cross-Site Scripting Vulnerability in IBM BigFix Remote Control
CVE-2016-2934

6.1MEDIUM

Key Information:

Vendor
IBM
Status
Bigfix Remote Control
Vendor
CVE Published:
30 November 2016

Summary

The vulnerability enables remote attackers to exploit IBM BigFix Remote Control versions prior to 9.1.3 by injecting arbitrary web scripts or HTML through unspecified vectors. This can potentially lead to unauthorized actions or the disclosure of sensitive information via a compromised web interface.

References

http://www.securityfocus.com/bid/94987
vdb-entryx_refsource_BID
http://www-01.ibm.com/support/docview.wss?uid=swg1IV89795
vendor-advisoryx_refsource_AIXAPAR
http://www-01.ibm.com/support/docview.wss?uid=swg21991870
x_refsource_CONFIRM

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.