Information Disclosure in IBM BigFix Inventory
CVE-2016-8966
5.9MEDIUM
Summary
IBM BigFix Inventory version 9 is susceptible to an information disclosure vulnerability due to inadequate implementation of HTTP Strict Transport Security (HSTS). This flaw may allow a remote attacker to intercept communications using man-in-the-middle techniques, potentially exposing sensitive data exchanged between users and the service. Organizations using the affected version should take immediate action to remediate this issue to safeguard sensitive information.
Affected Version(s)
BigFix Inventory 9.2
References
CVSS V3.1
Score:
5.9
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved