Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:ibm:bigfix_inventory:9.0:*:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2016-8964 |
IBM BigFix Inventory v9 9.2 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 118853. Published: July 13, 2017; 11:29:00 AM -0400 |
V3.0: 9.8 CRITICAL V2.0: 5.0 MEDIUM |
CVE-2016-8962 |
IBM BigFix Inventory 9.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 118851. Published: April 26, 2017; 1:59:00 PM -0400 |
V3.0: 5.9 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2016-8963 |
IBM BigFix Inventory v9 stores potentially sensitive information in log files that could be read by a local user. Published: February 01, 2017; 5:59:00 PM -0500 |
V3.0: 5.5 MEDIUM V2.0: 2.1 LOW |
CVE-2016-8961 |
IBM BigFix Inventory v9 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. Published: February 01, 2017; 3:59:03 PM -0500 |
V3.0: 6.1 MEDIUM V2.0: 5.8 MEDIUM |