Description
IBM BigFix Inventory v9 could disclose sensitive information to an unauthorized user using HTTP GET requests. This information could be used to mount further attacks against the system.
References (2)
Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/95308
Vendor Advisory x_refsource_confirm
http://www.ibm.com/support/docview.wss?uid=swg21995014
Scores
CVSS v3
5.3
EPSS
0.0023
EPSS Percentile
46.1%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-200
Status
published
Products (4)
ibm/bigfix_inventory
9.2
ibm/license_metric_tool
9.2.0
IBM Corporation/BigFix Inventory
9.2
IBM Corporation/BigFix Inventory
unspecified
Published
Feb 01, 2017
Tracked Since
Feb 18, 2026