Remote Code Execution Vulnerability in IBM BigFix Remote Control
CVE-2016-2952

3.7LOW

Key Information:

Vendor
IBM
Status
Bigfix Remote Control
Vendor
CVE Published:
30 November 2016

Summary

IBM BigFix Remote Control prior to version 9.1.3 lacks the implementation of HTTP Strict Transport Security (HSTS). This absence allows remote attackers to exploit the system more easily by intercepting unencrypted HTTP communications, potentially gaining access to sensitive information transmitted between users and the server. Organizations using affected versions should assess their security posture and consider upgrading to mitigate risks associated with insecure data transmission.

References

http://www-01.ibm.com/support/docview.wss?uid=swg1IV89794
vendor-advisoryx_refsource_AIXAPAR
http://www.securityfocus.com/bid/94598
vdb-entryx_refsource_BID
http://www-01.ibm.com/support/docview.wss?uid=swg21991871
x_refsource_CONFIRM

CVSS V3.1

Score:
3.7
Severity:
LOW
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.