Vulnerability Details : CVE-2016-2951
IBM BigFix Remote Control before 9.1.3 does not properly set the default encryption strength, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by sniffing the network and performing calculations on encrypted data.
Products affected by CVE-2016-2951
- cpe:2.3:a:ibm:bigfix_remote_control:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-2951
- EPSS score: 0.20% (probability of exploitation activity in the next 30 days)
- Percentile: ~57% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2016-2951
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:N/A:N | 8.6 | 2.9 | NIST | |
3.7 | LOW | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N | 2.2 | 1.4 | NIST | |
CWE ids for CVE-2016-2951
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-2951
- http://www-01.ibm.com/support/docview.wss?uid=swg1IV89785
  IBM IV89785: SECURITY APAR CVE-2016-2951 WEAK DEFAULT ENCRYPTION STRENGTH IN IBM BIGFIX REMOTE CONTROL (Vendor Advisory)
- http://www-01.ibm.com/support/docview.wss?uid=swg21991885
  IBM notice: The page you requested cannot be displayed (Vendor Advisory)
- http://www.securityfocus.com/bid/94601
  IBM BigFix Remote Control CVE-2016-2951 Man in the Middle Information Disclosure Vulnerability