exploitDog

CVE-2016-2951

Опубликовано: 30 нояб. 2016

Источник: nvd

CVSS3: 3.7

CVSS2: 4.3

EPSS Низкий

Описание

IBM BigFix Remote Control before 9.1.3 does not properly set the default encryption strength, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by sniffing the network and performing calculations on encrypted data.

Ссылки

http://www-01.ibm.com/support/docview.wss?uid=swg1IV89785
Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21991885
Vendor Advisory
http://www.securityfocus.com/bid/94601
http://www-01.ibm.com/support/docview.wss?uid=swg1IV89785
Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21991885
Vendor Advisory
http://www.securityfocus.com/bid/94601

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:ibm:bigfix_remote_control:*:*:*:*:*:*:*:*

Версия до 9.1.2 (включая)

EPSS

Процентиль: 35%

0.00143

Низкий

3.7 Low

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-310

Связанные уязвимости

GHSA-jfjj-7xqr-j2hf

CVSS3: 3.7

github

больше 3 лет назад

IBM BigFix Remote Control before 9.1.3 does not properly set the default encryption strength, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by sniffing the network and performing calculations on encrypted data.

EPSS

Процентиль: 35%

0.00143

Низкий

3.7 Low

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-310