What is CVE-2016-8977?

CVE-2016-8977 is a medium-severity vulnerability in Hp Hp-ux, classified under Information Disclosure. CVSS score: 5.3/10. Published 2017-02-01.

How severe is CVE-2016-8977?

Medium severity. CVSS v3 base score is 5.3 out of 10.

Is CVE-2016-8977 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Information disclosure in Hp Hp-ux

CVE-2016-8977

IBM BigFix Inventory v9 could disclose sensitive information to an unauthorized user using HTTP GET requests. This information could be used to mount further attacks against the system.

Vulnerability class: Information Disclosure

EPSS: 0.002 (46.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.3 (Medium). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N.

Affected products

Hp Hp-ux
Ibm Aix
Ibm Bigfix_inventory — versions 9.2
Ibm License_metric_tool — versions 9.2.0
Ibm Corporation Bigfix Inventory — versions unspecified, 9.2
Linux Linux_kernel
Microsoft Windows
Oracle Solaris

Weakness classification (CWE)

CWE-200 — Information Disclosure

Public proof-of-concept exploits

thdusdl1219/CVE-Study

References

psirt@us.ibm.com (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_BID)
psirt@us.ibm.com (x_refsource_CONFIRM, Vendor Advisory)

Frequently asked questions

What is CVE-2016-8977?: CVE-2016-8977 is a medium-severity vulnerability in Hp Hp-ux, classified under Information Disclosure. CVSS score: 5.3/10. Published 2017-02-01.
How severe is CVE-2016-8977?: Medium severity. CVSS v3 base score is 5.3 out of 10.
Is CVE-2016-8977 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.