PT-2017-9911 · Ibm · Ibm Bigfix Inventory

Published

2017-02-01

Updated

2017-02-13

CVE-2016-8977

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions IBM BigFix Inventory version 9

Description The issue could disclose sensitive information to an unauthorized user using HTTP GET requests, potentially allowing for further attacks against the system.

Recommendations For IBM BigFix Inventory version 9, consider restricting access to sensitive information and limiting the use of HTTP GET requests until a fix is available. As a temporary workaround, restrict access to the system to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2016-8977

Affected Products

Ibm Bigfix Inventory

PT-2017-9911 · Ibm · Ibm Bigfix Inventory

CVE-2016-8977

Weakness Enumeration

Related Identifiers

Affected Products

References · 4