Remote Code Execution Vulnerability in IBM BigFix Remote Control
CVE-2016-2952
3.7 LOW
Summary
IBM BigFix Remote Control before version 9.1.3 does not implement HTTP Strict Transport Security (HSTS). Without HSTS, remote attackers can more easily intercept unencrypted HTTP communications and potentially obtain sensitive information transmitted between users and the server. Organizations running affected versions should assess their security posture and consider upgrading to mitigate the risks of insecure data transmission.
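Added example (not part of the original advisory and not IBM's code): a Python check that audits one HTTP response's headers for a usable HSTS policy as defined in RFC 6797, for example to confirm the header is served after an upgrade. The function names, the 180-day baseline and the sample responses are assumptions constructed for illustration.

```python
MIN_MAX_AGE = 15552000  # assumed baseline (180 days); not a value from the advisory

def parse_hsts(value):
    """Split an STS header value into {directive: value} per RFC 6797 section 6.1."""
    directives = {}
    for part in value.split(";"):
        name, _, val = part.strip().partition("=")
        name = name.strip().lower()
        if not name:
            continue  # tolerate empty segments such as a trailing ';'
        if name in directives:
            raise ValueError("duplicate directive " + name)
        directives[name] = val.strip().strip('"')  # value may be a quoted-string
    return directives

def audit_hsts(scheme, headers):
    """Return findings for one response; an empty list means the policy is usable."""
    values = [v for k, v in headers if k.lower() == "strict-transport-security"]
    if scheme != "https":
        # Browsers ignore the header on plain HTTP, so it gives no protection here.
        return ["STS header sent over http is ignored"] if values else []
    if not values:
        return ["missing Strict-Transport-Security header"]
    findings = []
    if len(values) > 1:
        findings.append("multiple STS headers: only the first is processed")
    try:
        policy = parse_hsts(values[0])
        max_age = int(policy["max-age"])
    except (KeyError, ValueError):
        return findings + ["invalid policy: max-age missing, malformed or duplicated"]
    if max_age == 0:
        findings.append("max-age=0 tells the browser to forget the HSTS policy")
    elif max_age < MIN_MAX_AGE:
        findings.append("max-age below baseline of %d seconds" % MIN_MAX_AGE)
    if "includesubdomains" not in policy:
        findings.append("includeSubDomains not set")
    return findings

# Constructed sample responses (not captured from any real server).
SAMPLES = [
    ("https", []),
    ("https", [("Strict-Transport-Security", "max-age=31536000; includeSubDomains")]),
    ("https", [("strict-transport-security", 'max-age="0"')]),
    ("http", [("Strict-Transport-Security", "max-age=31536000")]),
]

if __name__ == "__main__":
    for scheme, headers in SAMPLES:
        print(scheme, headers, "->", audit_hsts(scheme, headers) or "ok")
```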
References
CVSS V3.1
Score: 3.7
Severity: LOW
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved