2109 matches found
Design/Logic Flaw
Multiple unspecified vulnerabilities in IBM BigFix Remote Control before 9.1.3 allow remote attackers to obtain sensitive information via unknown vectors...
CVE-2016-2931
IBM BigFix Remote Control before 9.1.3 allows remote attackers to obtain sensitive cleartext information by sniffing the network...
CVE-2016-2948
IBM BigFix Remote Control before 9.1.3 allows local users to discover hardcoded credentials via unspecified vectors...
Session fixation
IBM BigFix Remote Control before 9.1.3 allows local users to obtain sensitive information by reading cached web pages from a different user's session...
CVE-2016-2949
IBM BigFix Remote Control before 9.1.3 allows local users to obtain sensitive information by reading cached web pages from a different user's session...
CVE-2016-2951
IBM BigFix Remote Control before 9.1.3 does not properly set the default encryption strength, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by sniffing the network and performing calculations on encrypted data...
Cross-site request forgery (CSRF)
Cross-site request forgery (CSRF) vulnerability in IBM BigFix Remote Control before 9.1.3 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences...
CVE-2016-2952
IBM BigFix Remote Control before 9.1.3 does not enable the HSTS protection mechanism, which makes it easier for remote attackers to obtain sensitive information by leveraging use of HTTP...
SQL injection
SQL injection vulnerability in IBM BigFix Remote Control before 9.1.3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors...
Design/Logic Flaw
IBM BigFix Remote Control before 9.1.3 allows remote attackers to obtain sensitive cleartext information by sniffing the network...
Design/Logic Flaw
IBM BigFix Remote Control before 9.1.3 uses cleartext storage for unspecified passwords, which allows local users to obtain sensitive information via unknown vectors...
Design/Logic Flaw
IBM BigFix Remote Control before 9.1.3 allows local users to obtain sensitive information by leveraging unspecified privileges to read a log file...
Cross-site request forgery (CSRF)
The broker application in IBM BigFix Remote Control before 9.1.3 allows remote attackers to cause a denial of service via an invalid HTTP request...
Design/Logic Flaw
IBM BigFix Remote Control before 9.1.3 allows remote attackers to obtain sensitive information or spoof e-mail transmission via a crafted POST request, related to an "untrusted information vulnerability."...
CVE-2016-2931
IBM BigFix Remote Control is affected by CVE-2016-2931: versions before 9.1.3 allow unauthenticated remote attackers to obtain sensitive cleartext information by sniffing network traffic. Affected product: IBM BigFix Remote Control prior to 9.1.3. Root cause: information disclosure through networ...
CVE-2016-2950
CVE-2016-2950 affects IBM BigFix Remote Control prior to 9.1.3. The vulnerability is a SQL injection flaw that allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. IBM BigFix Remote Control versions before 9.1.3 are vulnerable; upgrading to 9.1.3 or applyin...
CVE-2016-2937
IBM BigFix Remote Control vulnerability (CVE-2016-2937) affects IBM BigFix Remote Control prior to 9.1.3. The issue allows remote attackers to obtain sensitive information or spoof email transmission by sending a crafted POST request, described as an “untrusted information vulnerability.” Affecte...
CVE-2016-2963
IBM BigFix Remote Control is affected by a CSRF vulnerability (CVE-2016-2963) affecting versions up to 9.1.3 (earlier listings also cite 9.1.2 and older). The issue allows an attacker to hijack the authenticated user’s session by issuing requests that insert XSS sequences, enabling cross-site req...
CVE-2016-2932
IBM BigFix Remote Control before 9.1.3 allows remote attackers to conduct XML injection attacks via unspecified vectors...
CVE-2016-2943
IBM BigFix Remote Control before 9.1.3 allows local users to obtain sensitive information by leveraging unspecified privileges to read a log file...