exploitDog

CVE-2016-2927

Опубликовано: 25 нояб. 2016

Источник: nvd

CVSS3: 5.9

CVSS2: 4.3

EPSS Низкий

Описание

IBM BigFix Remote Control before 9.1.3 does not properly restrict the set of available encryption algorithms, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by sniffing the network and performing calculations on encrypted data.

Ссылки

http://www-01.ibm.com/support/docview.wss?uid=swg1IV89792
Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21991875
Vendor Advisory
http://www.securityfocus.com/bid/94561
http://www-01.ibm.com/support/docview.wss?uid=swg1IV89792
Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21991875
Vendor Advisory
http://www.securityfocus.com/bid/94561

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:ibm:bigfix_remote_control:*:*:*:*:*:*:*:*

Версия до 9.1.2 (включая)

EPSS

Процентиль: 39%

0.00176

Низкий

5.9 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-200

Связанные уязвимости

GHSA-2m4g-hjc6-gj7h

CVSS3: 5.9

github

больше 3 лет назад

IBM BigFix Remote Control before 9.1.3 does not properly restrict the set of available encryption algorithms, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by sniffing the network and performing calculations on encrypted data.

EPSS

Процентиль: 39%

0.00176

Низкий

5.9 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-200