CVE-2016-0214 — Improper Access Control in Corporation Bigfix Platform

CWE-284 — Improper Access Control4 documents4 sources

Severity

7.8HIGHNVD

EPSS

0.3%

top 46.57%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Corporation Bigfix Platform IBM Bigfix Platform

Timeline

PublishedFeb 8

Latest updateMay 17

Description

IBM Tivoli Endpoint Manager could allow a remote attacker to upload arbitrary files. A remote attacker could exploit this vulnerability to upload a malicious file. The only way that file would be executed would be through a phishing attack to trick an unsuspecting victim to execute the file.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶NVDibm/bigfix_platform4 versions+3

▶CVEListV5ibm_corporation/bigfix_platform4 versions+3

Patches

Patch: www.ibm.com ↗Patch: www.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-m597-3rj8-q6hg: IBM Tivoli Endpoint Manager could allow a remote attacker to upload arbitrary files↗2022-05-17

▶

CVEList

CVE-2016-0214: IBM Tivoli Endpoint Manager could allow a remote attacker to upload arbitrary files↗2017-02-08

▶

OSV

samba vulnerabilities↗2016-03-08

▶