CVE-2016-8977

CWE-200Information Exposure3 documents3 sources
Severity
5.3MEDIUM
EPSS
0.2%
top 53.83%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
IBM Corporation Bigfix InventoryIBM Bigfix InventoryIBM License Metric Tool
Timeline
PublishedFeb 1
Latest updateMay 17

Description

IBM BigFix Inventory v9 could disclose sensitive information to an unauthorized user using HTTP GET requests. This information could be used to mount further attacks against the system.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages3 packages

CVEListV5ibm_corporation/bigfix_inventory9.2, unspecified+1

🔴Vulnerability Details

2
GHSA
GHSA-gm27-xj7q-j52q: IBM BigFix Inventory v9 could disclose sensitive information to an unauthorized user using HTTP GET requests2022-05-17
CVEList
CVE-2016-8977: IBM BigFix Inventory v9 could disclose sensitive information to an unauthorized user using HTTP GET requests2017-02-01
CVE-2016-8977 (MEDIUM CVSS 5.3) | IBM BigFix Inventory v9 could discl | cvebase.io