Remote Access Vulnerability in IBM BigFix Remote Control Software
CVE-2016-2944

9.8CRITICAL

Key Information:

Vendor
IBM
Status
Bigfix Remote Control
Vendor
CVE Published:
30 November 2016

Summary

The IBM BigFix Remote Control software prior to version 9.1.3 is susceptible to vulnerabilities in access control mechanisms. The application fails to adequately limit the number of failed login attempts. This design flaw allows remote attackers to exploit the system through brute-force techniques, potentially leading to unauthorized access. Organizations using affected versions should take immediate steps to upgrade their software and implement additional security measures to protect against such attacks.

References

http://www-01.ibm.com/support/docview.wss?uid=swg21991878
x_refsource_CONFIRM
http://www.securityfocus.com/bid/94623
vdb-entryx_refsource_BID
http://www-01.ibm.com/support/docview.wss?uid=swg1IV89790
vendor-advisoryx_refsource_AIXAPAR

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.