Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBME11D95E1446E3A5EC1D3FEBDCCF8935F58E0895094733066E7BD69E4A3677533
HistoryAug 19, 2022 - 9:04 p.m.

Security Bulletin: A security vulnerability has been identified in BigFix Platform shipped with IBM License Metric Tool v9.x and IBM BigFix Inventory v9.x (CVE-2016-6082)

2022-08-1921:04:31
www.ibm.com
5

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

10 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

0.009 Low

EPSS

Percentile

83.2%

JSON

Summary

BigFix Platform (BES Root Server and BES Relay) is shipped as a component of IBM License Metric Tool v9.x and IBM BigFix Inventory v9.x.
Information about a security vulnerability affecting BigFix Platform has been published in a security bulletin.

Vulnerability Details

CVEID: CVE-2016-6082
DESCRIPTION: BigFix Platform could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free race condition. An attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base Score: 10
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/117562 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)

Affected Products and Versions

IBM License Metric Tool v9.x IBM BigFix Inventory v9.x

Remediation/Fixes

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibmlicense_metric_toolMatch9.2
CPENameOperatorVersion
ibm license metric tooleq9.2

Related

cve 1
prion 1
nvd 1
cvelist 1
nessus 2
cve
cve
CVE-2016-6082
2017-02-01 20:59:02
prion
prion
Race condition
2017-02-01 20:59:00
nvd
nvd
CVE-2016-6082
2017-02-01 20:59:02
cvelist
cvelist
CVE-2016-6082
2017-02-01 20:00:00
nessus
nessus
IBM BigFix Platform 9.x < 9.1.9.1301 / 9.2.9.36 / 9.5.4.38 Multiple Vulnerabilities
2016-12-29 00:00:00
IBM BigFix Platform 9.x < 9.1.9 / 9.2.x < 9.2.9 / 9.5.x < 9.5.4 Multiple Vulnerabilities
2017-01-19 00:00:00

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

10 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

0.009 Low

EPSS

Percentile

83.2%

JSON
Related for E11D95E1446E3A5EC1D3FEBDCCF8935F58E0895094733066E7BD69E4A3677533
cve1prion1nvd1cvelist1nessus2