IBM BigFix Inventory 9.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 118851.
oryginał ENCVSS Vector
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:NIBM Bigfix Inventory
APPIbm≤ 9.2
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Powiązane podatności
CVE-2016-8964CRITICAL9.8ten sam produkt
IBM BigFix Inventory v9 9.2 uses an inadequate account lockout setting that could allow a remote attacker to b...
CVE-2016-8980HIGH8.1ten sam produkt
IBM BigFix Inventory v9 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE)...
CVE-2016-8966MEDIUM5.9ten sam produkt
IBM BigFix Inventory v9 could allow a remote attacker to obtain sensitive information, caused by the failure t...
CVE-2016-8967MEDIUM5.5ten sam produkt
IBM BigFix Inventory v9 9.2 stores user credentials in plain in clear text which can be read by a local user.
CVE-2016-8977MEDIUM5.3ten sam produkt
IBM BigFix Inventory v9 could disclose sensitive information to an unauthorized user using HTTP GET requests. ...