Information Disclosure Vulnerability in IBM BigFix Compliance
CVE-2017-1198
3.7 LOW
Summary
IBM BigFix Compliance versions 1.7 through 1.9.91 are susceptible to a vulnerability that allows sensitive information to be stored in URL parameters. This flaw may result in unauthorized access to sensitive data if these URLs are exposed through server logs, the referrer header, or browser history. Users of these affected versions should take immediate action to secure their systems to prevent potential information leakage.
Affected Version(s)
BigFix Compliance 1.7
BigFix Compliance 1.9.91
CVSS V3.1
Score: 3.7
Severity: LOW
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged