IBM BigFix Inventory
9 CVEs affecting IBM BigFix Inventory. Latest disclosed: 2017-07-13. Critical: 1, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2016-8964 | Critical | 9.8 | 2017-07-13 | IBM BigFix Inventory v9 9.2 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 1… |
| CVE-2016-8980 | High | 8.1 | 2017-02-01 | IBM BigFix Inventory v9 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacke… |
| CVE-2016-8961 | Medium | 6.1 | 2017-02-01 | IBM BigFix Inventory v9 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-c… |
| CVE-2016-8962 | Medium | 5.9 | 2017-04-26 | IBM BigFix Inventory 9.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts… |
| CVE-2016-8966 | Medium | 5.9 | 2017-02-01 | IBM BigFix Inventory v9 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security… |
| CVE-2016-8963 | Medium | 5.5 | 2017-02-01 | IBM BigFix Inventory v9 stores potentially sensitive information in log files that could be read by a local user. |
| CVE-2016-8967 | Medium | 5.5 | 2017-02-01 | IBM BigFix Inventory v9 9.2 stores user credentials in clear text which can be read by a local user. |
| CVE-2016-8981 | Medium | 5.5 | 2017-02-01 | IBM BigFix Inventory v9 allows web pages to be stored locally which can be read by another user on the system. |
| CVE-2016-8977 | Medium | 5.3 | 2017-02-01 | IBM BigFix Inventory v9 could disclose sensitive information to an unauthorized user using HTTP GET requests. This information could be used to mount further a… |