CVE-2015-4954

CWE-295 — Improper Certificate Validation4 documents4 sources

Severity

5.9MEDIUM

EPSS

0.1%

top 72.38%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Bigfix Remote Control

Timeline

PublishedMar 27

Latest updateMay 14

Description

IBM BigFix Remote Control before Interim Fix pack 9.1.2-TIV-IBRC912-IF0001 improperly allows self-signed certificates, which might allow remote attackers to conduct spoofing attacks via unspecified vectors. IBM X-Force ID: 105200.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 2.2 | Impact: 3.6

Affected Packages1 packages

▶NVDibm/bigfix_remote_control9.1.2

Patches

Patch: www-01.ibm.com ↗Patch: www-01.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-cjrv-rj5x-6665: IBM BigFix Remote Control before Interim Fix pack 9↗2022-05-14

▶

CVEList

CVE-2015-4954: IBM BigFix Remote Control before Interim Fix pack 9↗2018-03-27

▶