CVE-2016-2936
IBM BigFix Remote Control (before 9.1.3) stores passwords in clear text, enabling local users to obtain sensitive credentials. Affected versions include 9.1.2 and earlier. Root cause: cleartext password storage. Impact: information disclosure to local attackers. Remediation: upgrade to version 9....
CVE-2016-2944
IBM BigFix Remote Control before 9.1.3 does not properly restrict failed login attempts, which makes it easier for remote attackers to obtain access via a brute-force approach...
CVE-2016-2948
IBM BigFix Remote Control (before 9.1.3) is affected by CVE-2016-2948: a local information-disclosure vulnerability where hardcoded credentials can be discovered by a local attacker via unspecified vectors. Affected version range includes 9.1.2 and earlier; impact is local confidentiality and int...
CVE-2016-2963
Cross-site request forgery (CSRF) vulnerability in IBM BigFix Remote Control before 9.1.3 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences...
CVE-2016-2949
IBM BigFix Remote Control before 9.1.3 allows local users to obtain sensitive information by reading cached web pages from a different user's session...
CVE-2016-2931
IBM BigFix Remote Control before 9.1.3 allows remote attackers to obtain sensitive cleartext information by sniffing the network...
CVE-2016-2933
Directory traversal vulnerability in IBM BigFix Remote Control before 9.1.3 allows remote authenticated administrators to read arbitrary files via a crafted request...
CVE-2016-2949
IBM BigFix Remote Control prior to version 9.1.3 has an information disclosure flaw that allows a local attacker to obtain sensitive data by reading cached web pages from another user’s session. Some sources cite affected versions as up to 9.1.2 (CNVD) or generally before 9.1.3 (NVD). The root ca...
CVE-2016-2932
IBM BigFix Remote Control before 9.1.3 is affected by an XML injection vulnerability (CVE-2016-2932) due to an unspecified flaw that allows an unauthenticated, remote attacker to inject arbitrary XML content. Public documents do not provide exploitation details; one source suggests upgrading to 9...
CVE-2016-2935
The broker application in IBM BigFix Remote Control before 9.1.3 allows remote attackers to cause a denial of service via an invalid HTTP request...
CVE-2016-2943
IBM BigFix Remote Control before 9.1.3 is affected by CVE-2016-2943: a local information-disclosure vulnerability where an attacker can read a log file to obtain sensitive information due to unspecified privileges. The issue is documented across multiple sources (NVD entry for CVE-2016-2943 and N...
CVE-2016-2935
CVE-2016-2935 affects IBM BigFix Remote Control broker prior to 9.1.3, where an unauthenticated remote actor can cause a denial-of-service by sending an invalid HTTP request. This is corroborated by multiple sources in the connected documents (NVD/NESSUS/CNVD), which list the affected product and...
CVE-2016-2937
IBM BigFix Remote Control before 9.1.3 allows remote attackers to obtain sensitive information or spoof e-mail transmission via a crafted POST request, related to an "untrusted information vulnerability."...
CVE-2016-2934
Cross-site scripting (XSS) vulnerability in IBM BigFix Remote Control before 9.1.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2016-2940
IBM BigFix Remote Control is affected by an information-disclosure vulnerability (CVE-2016-2940) present in 9.1.2 and earlier versions, with impact described as a remote attacker obtaining sensitive information. The connected CNVD entry explicitly notes the affected versions (9.1.2 and earlier) a...
CVE-2016-2951
IBM BigFix Remote Control before 9.1.3 does not properly set the default encryption strength, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by sniffing the network and performing calculations on encrypted data...
CVE-2016-2944
IBM BigFix Remote Control before 9.1.3 is affected by an authentication flaw: it does not properly restrict failed login attempts, enabling brute-force access by a remote attacker. Connected sources confirm this vulnerability exists in versions up to 9.1.2 and describe the root cause as insuffici...
CVE-2016-2940
Multiple unspecified vulnerabilities in IBM BigFix Remote Control before 9.1.3 allow remote attackers to obtain sensitive information via unknown vectors...
CVE-2016-2950
SQL injection vulnerability in IBM BigFix Remote Control before 9.1.3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors...
CVE-2016-2933
CVE-2016-2933: Directory traversal in IBM BigFix Remote Control before 9.1.3 lets remote authenticated administrators read arbitrary files via a crafted request. Affected product: IBM BigFix Remote Control; vulnerable component: web service/file handling that processes crafted requests; root cau...