Aug 19, 2022 - 9:04 p.m.

Security Bulletin: Vulnerability in HTTP request processing affects IBM License Metric Tool v9 and IBM BigFix Inventory v9 (CVE-2016-8977)

2022-08-19 21:04:31
www.ibm.com

CVSS2: 5
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3: 5.3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: NONE
Availability Impact: NONE
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS: 0.001
Percentile: 30.1%

Summary

IBM License Metric Tool v9 and IBM BigFix Inventory v9 could disclose sensitive information to an unauthorized user using HTTP GET requests.
This information could be used to mount further attacks against the system.

Vulnerability Details

CVEID: CVE-2016-8977
DESCRIPTION: IBM BigFix Inventory v9 could disclose sensitive information to an unauthorized user using HTTP GET requests. This information could be used to mount further attacks against the system.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/118914 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

IBM License Metric Tool v9
IBM BigFix Inventory v9

Remediation/Fixes

Upgrade to version 9.2.6 or later using the following procedure:

  • In the IBM Endpoint Manager console, expand the IBM BigFix Inventory or IBM License Reporting (ILMT) node under the Sites node in the tree panel.
  • Click the Fixlets and Tasks node. The Fixlets and Tasks panel will be displayed on the right.
  • In the Fixlets and Tasks panel, locate the "Upgrade to the newest version of IBM BigFix Inventory 9.x" or "Upgrade to the newest version IBM License Metric Tool 9.x" fixlet and run it against the computer that hosts your server.

Workarounds and Mitigations

  • None

Affected configurations

Vulners node: ibm license_metric_tool, match 9.2

Vendor: ibm
Product: license_metric_tool
Version: 9.2
CPE: cpe:2.3:a:ibm:license_metric_tool:9.2:*:*:*:*:*:*:*
