CVE-2016-8977

MEDIUM

IBM BigFix Inventory v9 - Info Disclosure

Title source: llm

Description

IBM BigFix Inventory v9 could disclose sensitive information to an unauthorized user using HTTP GET requests. This information could be used to mount further attacks against the system.

References (2)

[Vendor Advisory] http://www.ibm.com/support/docview.wss?uid=swg21995014

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/95308

Scores

CVSS v3 5.3

EPSS 0.0023

EPSS Percentile 45.9%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Classification

CWE

CWE-200

Status published

Affected Products (4)

ibm/license_metric_tool

ibm/bigfix_inventory

IBM Corporation/BigFix Inventory < unspecified

IBM Corporation/BigFix Inventory < 9.2

Timeline

Published Feb 01, 2017

Tracked Since Feb 18, 2026