Skip to main content
CVE-2016-2952 LOW Monitor

IBM BigFix Remote Control before 9.1.3 does not enable the HSTS protection mechanism, which makes it easier for remote attackers to obtain sensitive information by leveraging use of HTTP. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Information Disclosure Bigfix Remote Control
NVD
CVSS 3.0
3.7
EPSS
0.3%
CVE-2016-2953 LOW PATCH Monitor

IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 does not require SSL, which allows remote attackers to obtain sensitive cleartext information by sniffing the network. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

IBM Information Disclosure Connections
NVD
CVSS 3.0
3.7
EPSS
0.2%
CVE-2016-2951 LOW Monitor

IBM BigFix Remote Control before 9.1.3 does not properly set the default encryption strength, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by sniffing the. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Information Disclosure Bigfix Remote Control
NVD
CVSS 3.0
3.7
EPSS
0.1%
CVE-2016-3009 LOW Monitor

Cross-site request forgery (CSRF) vulnerability in IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 allows remote authenticated users to hijack the authentication of arbitrary. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM CSRF Connections
NVD
CVSS 3.0
3.5
EPSS
0.0%
CVE-2016-2949 LOW Monitor

IBM BigFix Remote Control before 9.1.3 allows local users to obtain sensitive information by reading cached web pages from a different user's session. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Bigfix Remote Control
NVD
CVSS 3.0
3.3
EPSS
0.0%
CVE-2016-2877 LOW PATCH Monitor

IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 uses weak permissions for unspecified directories under the web root, which allows local users to modify data by writing to a file. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

IBM Information Disclosure Qradar Security Information And Event Manager
NVD
CVSS 3.0
3.3
EPSS
0.0%
CVE-2016-2874 LOW PATCH Monitor

IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 mishandles authorization, which allows remote authenticated users to obtain sensitive information via unspecified vectors. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable.

IBM Authentication Bypass Qradar Security Information And Event Manager
NVD
CVSS 3.0
3.1
EPSS
0.1%
CVE-2016-3002 LOW Monitor

IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 allows physically proximate attackers to obtain sensitive information by reading cached data on a client device. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Connections
NVD
CVSS 3.0
2.1
EPSS
0.1%
CVE-2016-2943 LOW Monitor

IBM BigFix Remote Control before 9.1.3 allows local users to obtain sensitive information by leveraging unspecified privileges to read a log file. Rated low severity (CVSS 1.9). No vendor patch available.

IBM Information Disclosure Bigfix Remote Control
NVD
CVSS 3.0
1.9
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy