CVE-2016-0396Command Injection in Corporation Bigfix Platform

CWE-77Command Injection4 documents4 sources
Severity
8.1HIGHNVD
EPSS
0.5%
top 32.69%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
IBM Corporation Bigfix PlatformIBM Bigfix Platform
Timeline
PublishedFeb 1
Latest updateMay 17

Description

IBM Tivoli Endpoint Manager could allow a user under special circumstances to inject commands that would be executed with unnecessary higher privileges than expected.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.2 | Impact: 5.9

Affected Packages2 packages

NVDibm/bigfix_platform4 versions+3
CVEListV5ibm_corporation/bigfix_platform4 versions+3

Patches

Patch: www.ibm.comPatch: www.ibm.com

🔴Vulnerability Details

2
GHSA
GHSA-gf92-h6xm-4g8p: IBM Tivoli Endpoint Manager could allow a user under special circumstances to inject commands that would be executed with unnecessary higher privilege2022-05-17
CVEList
CVE-2016-0396: IBM Tivoli Endpoint Manager could allow a user under special circumstances to inject commands that would be executed with unnecessary higher privilege2017-02-01

💬Community

1
Bugzilla
CVE-2016-8637 dracut: Local information disclosure of initramfs when early cpio is used2016-11-10
CVE-2016-0396 — Command Injection | cvebase