Lucene search

IbmCVE-2016-2927

HistoryNov 25, 2016 - 8:59 p.m.

CVE-2016-2927

2016-11-2520:59:07

CWE-200

ibm

web.nvd.nist.gov

ibm

bigfix

remote control

cve-2016-2927

encryption

network security

vulnerability

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

6.3

Confidence

High

EPSS

0.003

Percentile

65.7%

JSON

IBM BigFix Remote Control before 9.1.3 does not properly restrict the set of available encryption algorithms, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by sniffing the network and performing calculations on encrypted data.

Affected configurations

Nvd

Node

ibmbigfix_remote_controlRange≤9.1.2

VendorProductVersionCPE
ibmbigfix_remote_control*cpe:2.3:a:ibm:bigfix_remote_control:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	bigfix_remote_control	*	cpe:2.3:a:ibm:bigfix_remote_control::::::::

References

www-01.ibm.com/support/docview.wss?uid=swg1IV89792

www-01.ibm.com/support/docview.wss?uid=swg21991875

www.securityfocus.com/bid/94561

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

6.3

Confidence

High

EPSS

0.003

Percentile

65.7%

JSON

Related for CVE-2016-2927