CVE-2016-2949
low
CVSS v3
3.3
CVSS v2
2.1
VIR risk
3.3
Description
IBM BigFix Remote Control before 9.1.3 allows local users to obtain sensitive information by reading cached web pages from a different user's session.
Predictions
Exploit likelihood
34%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: psirt@us.ibm.com — http://www-01.ibm.com/support/docview.wss?uid=swg21991959
Vendor advisory: psirt@us.ibm.com — http://www-01.ibm.com/support/docview.wss?uid=swg1IV89740
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| ibm | bigfix_remote_control | {"endIncluding":"9.1.2"} | |
References
- http://www-01.ibm.com/support/docview.wss?uid=swg1IV89740
- http://www-01.ibm.com/support/docview.wss?uid=swg21991959
- http://www.securityfocus.com/bid/94608
- http://www-01.ibm.com/support/docview.wss?uid=swg1IV89740
- http://www-01.ibm.com/support/docview.wss?uid=swg21991959
- http://www.securityfocus.com/bid/94608
CWEs
CWE-200
Verify integrity in audit chain (admin only). AS-IS.