CVE-2016-2931 : IBM BigFix Remote Control before 9.1.3 allows remote attackers to obtain sensiti

IBM BigFix Remote Control before 9.1.3 allows remote attackers to obtain sensitive cleartext information by sniffing the network.

Published 2016-11-30 11:59:00

Updated 2025-04-12 10:46:41

Source IBM Corporation

View at NVD, CVE.org

Products affected by CVE-2016-2931

IBM » Bigfix Remote Control
Versions up to, including, (<=) 9.1.2
cpe:2.3:a:ibm:bigfix_remote_control:*:*:*:*:*:*:*:*
Matching versions

EPSS FAQ

0.23%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 43 %

Percentile, the proportion of vulnerabilities that are scored at or less

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.0	MEDIUM	AV:N/AC:L/Au:N/C:P/I:N/A:N	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None
5.3	MEDIUM	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	3.9	1.4	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: Low Integrity: None Availability: None

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Assigned by: nvd@nist.gov (Primary)

http://www-01.ibm.com/support/docview.wss?uid=swg1IV89791

IBM IV89791: SECURITY APAR CVE-2016-2931 CLEAR TEXT TRANSMISSION OF INFORMATION IN IBM BIGFIX REMOTE CONTROL
Vendor Advisory
http://www.securityfocus.com/bid/94984

IBM Tivoli Remote Control CVE-2016-2931 Information Disclosure Vulnerability
Third Party Advisory;VDB Entry
http://www-01.ibm.com/support/docview.wss?uid=swg21991876

IBM notice: The page you requested cannot be displayed
Vendor Advisory

Jump to