CVE-2016-0296
published 2017-02-01CVE-2016-0296: IBM Tivoli Endpoint Manager - Mobile Device Management (MDM) stores potentially sensitive information in log files that could be available to a local user.
PriorityP410low3.3CVSS 3.0
AVLACLPRLUINSUCLINAN
EPSS
0.29%
21.1th percentile
IBM Tivoli Endpoint Manager - Mobile Device Management (MDM) stores potentially sensitive information in log files that could be available to a local user.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ibm | bigfix_platform | — | — |
| ibm | bigfix_platform | — | — |
| ibm | bigfix_platform | — | — |
| ibm | bigfix_platform | — | — |
| ibm_corporation | bigfix_platform | — | — |
| ibm_corporation | bigfix_platform | — | — |
| ibm_corporation | bigfix_platform | — | — |
| ibm_corporation | bigfix_platform | — | — |
CVSS provenance
nvdv3.03.3LOWCVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
nvdv2.02.1LOWAV:L/AC:L/Au:N/C:P/I:N/A:N
vendor_redhat7.5HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-942g-2qf9-83fp: IBM Tivoli Endpoint Manager - Mobile Device Management (MDM) stores potentially sensitive information in log files that could be available to a local
ghsa_unreviewed·2022-05-17
CVE-2016-0296 [LOW] CWE-532 GHSA-942g-2qf9-83fp: IBM Tivoli Endpoint Manager - Mobile Device Management (MDM) stores potentially sensitive information in log files that could be available to a local
IBM Tivoli Endpoint Manager - Mobile Device Management (MDM) stores potentially sensitive information in log files that could be available to a local user.
Red Hat
openshift: etcd grpc-proxy vulnerable to The Birthday attack against 64-bit block cipher
vendor_redhat·2023-01-16·CVSS 7.5
CVE-2023-0296 [HIGH] CWE-327 openshift: etcd grpc-proxy vulnerable to The Birthday attack against 64-bit block cipher
openshift: etcd grpc-proxy vulnerable to The Birthday attack against 64-bit block cipher
The Birthday attack against 64-bit block ciphers flaw (CVE-2016-2183) was reported for the health checks port (9979) on etcd grpc-proxy component. Even though the CVE-2016-2183 has been fixed in the etcd components, to enable periodic health checks from kubelet, it was necessary to open up a new port (9979) on etcd grpc-proxy, hence this port might be considered as still vulnerable to the same type of vulnerability. The health checks on etcd grpc-proxy do not contain sensitive data (only metrics data), therefore the potential impact related to this vulnerability is minimal. The CVE-2023-0296 has been assigned to this issue to track the permanent fix in the etcd component.
The Birthday attack against
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2017-02-01
Published