Lucene search

[email protected]CVE-2016-2952

HistoryNov 30, 2016 - 11:59 a.m.

CVE-2016-2952

2016-11-3011:59:15

CWE-200

[email protected]

web.nvd.nist.gov

ibm

bigfix

remote control

9.1.3

hsts

http

data exposure

vulnerability

cve-2016-2952

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

3.7 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

4 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

68.2%

JSON

IBM BigFix Remote Control before 9.1.3 does not enable the HSTS protection mechanism, which makes it easier for remote attackers to obtain sensitive information by leveraging use of HTTP.

Affected configurations

NVD

Node

ibmbigfix_remote_controlRange≤9.1.2

CPENameOperatorVersion
ibm:bigfix_remote_controlibm bigfix remote controlle9.1.2

CPE	Name	Operator	Version
ibm:bigfix_remote_control	ibm bigfix remote control	le	9.1.2

References

www-01.ibm.com/support/docview.wss?uid=swg1IV89794

www-01.ibm.com/support/docview.wss?uid=swg21991871

www.securityfocus.com/bid/94598

Social References

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

3.7 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

4 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

68.2%

JSON

Related for CVE-2016-2952

prion1 cvelist1 nvd1