CVE-2015-4953

CWE-3265 documents5 sources

Severity

4.8MEDIUM

EPSS

0.1%

top 83.25%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Bigfix Remote Control

Timeline

PublishedMar 29

Latest updateMay 14

Description

IBM BigFix Remote Control before Interim Fix pack 9.1.2-TIV-IBRC912-IF0001 makes it easier for man-in-the-middle attackers to decrypt traffic by leveraging a weakness in its encryption protocol. IBM X-Force ID: 105197.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:NExploitability: 2.2 | Impact: 2.5

Affected Packages1 packages

▶NVDibm/bigfix_remote_control9.1.2

Patches

Patch: www-304.ibm.com ↗Patch: www-304.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-6q4x-jxmf-pjpx: IBM BigFix Remote Control before Interim Fix pack 9↗2022-05-14

▶

CVEList

CVE-2015-4953: IBM BigFix Remote Control before Interim Fix pack 9↗2018-03-29

▶

📋Vendor Advisories

Red Hat

ntp: bad authentication demobilizes ephemeral associations↗2016-06-02

▶

💬Community

Bugzilla

CVE-2016-4953 ntp: bad authentication demobilizes ephemeral associations↗2016-05-30

▶