Information Disclosure in IBM BigFix Inventory
CVE-2016-8966

5.9MEDIUM

Key Information:

Vendor
IBM
Vendor
CVE Published:
1 February 2017

Summary

IBM BigFix Inventory version 9 is susceptible to an information disclosure vulnerability due to inadequate implementation of HTTP Strict Transport Security (HSTS). This flaw may allow a remote attacker to intercept communications using man-in-the-middle techniques, potentially exposing sensitive data exchanged between users and the service. Organizations using the affected version should take immediate action to remediate this issue to safeguard sensitive information.

Affected Version(s)

BigFix Inventory 9.2

References

CVSS V3.1

Score:
5.9
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.