CVE-2016-8966

CWE-200 — Information Exposure4 documents4 sources

Severity

5.9MEDIUM

EPSS

0.2%

top 58.93%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Corporation Bigfix Inventory IBM Bigfix Inventory IBM License Metric Tool

Timeline

PublishedFeb 1

Latest updateMay 17

Description

IBM BigFix Inventory v9 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 2.2 | Impact: 3.6

Affected Packages3 packages

▶NVDibm/bigfix_inventory9.2

▶CVEListV5ibm_corporation/bigfix_inventory9.2

▶NVDibm/license_metric_tool9.2.0

🔴Vulnerability Details

GHSA

GHSA-xmrm-qcgv-g7x6: IBM BigFix Inventory v9 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport↗2022-05-17

▶

CVEList

CVE-2016-8966: IBM BigFix Inventory v9 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport↗2017-02-01

▶

💬Community

Bugzilla

CVE-2015-8966 kernel: Local privileges escalation via crafted F_OFD_GETLK/F_OFD_SETLK/F_OFD_SETLKW commands↗2016-12-12

▶