Security Bulletin: Vulnerability in Cache-Control header usage affects IBM License Metric Tool v9.x and IBM BigFix Inventory v9.x (CVE-2016-8981).

Summary

IBM License Metric Tool v9.x and IBM BigFix Inventory v9.x allows web pages containing sensitive information to be cached by a browser.
As a result this information will be stored unsafely for an indefinite amount of time on the user’s hard drive.

Vulnerability Details

CVEID: CVE-2016-8981**
DESCRIPTION:** IBM BigFix Inventory v9.x allows web pages to be stored locally which can be read by another user on the system.
CVSS Base Score: 4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/118918 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

IBM License Metric Tool v9.x IBM BigFix Inventory v9.x

Remediation/Fixes

Upgrade to version 9.2.6 or later using the following procedure:

• In IBM Endpoint Manager console, expand IBM BigFix InventoryorIBM License Reporting (ILMT) node underSites node in the tree panel.
• Click Fixlets and Tasks node.Fixlets and Tasks panel will be displayed on the right.
• In the Fixlets and Tasks panel locate _Upgrade to the newest version of IBM BigFix Inventory 9.x _or Upgrade to the newest version IBM License Metric Tool 9.x fixlet and run it against the computer that hosts your server.

Workarounds and Mitigations

None