Remote Code Execution Vulnerability in IBM BigFix Remote Control
CVE-2016-2952

3.7 LOW

Key Information:

Vendor: IBM
CVE Published: 30 November 2016

Summary

IBM BigFix Remote Control before version 9.1.3 does not implement HTTP Strict Transport Security (HSTS). Without HSTS, browsers are not instructed to use HTTPS only, which makes it easier for remote attackers to intercept unencrypted HTTP communications and potentially obtain sensitive information transmitted between users and the server. Organizations using affected versions should assess their security posture and consider upgrading to mitigate the risks of insecure data transmission.

CVSS V3.1

Score: 3.7
Severity: LOW
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
