Описание
IBM BigFix Inventory v9 could disclose sensitive information to an unauthorized user using HTTP GET requests. This information could be used to mount further attacks against the system.
Ссылки
- Vendor Advisory
- Third Party AdvisoryVDB Entry
- Vendor Advisory
- Third Party AdvisoryVDB Entry
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:a:ibm:license_metric_tool:9.2.0:*:*:*:*:*:*:*
Одно из
cpe:2.3:o:hp:hp-ux:*:*:*:*:*:*:*:*
cpe:2.3:o:ibm:aix:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*
cpe:2.3:o:oracle:solaris:*:*:*:*:*:*:*:*
Конфигурация 2
cpe:2.3:a:ibm:bigfix_inventory:9.2:*:*:*:*:*:*:*
EPSS
Процентиль: 46%
0.00233
Низкий
5.3 Medium
CVSS3
5 Medium
CVSS2
Дефекты
CWE-200
Связанные уязвимости
CVSS3: 5.3
github
больше 3 лет назад
IBM BigFix Inventory v9 could disclose sensitive information to an unauthorized user using HTTP GET requests. This information could be used to mount further attacks against the system.
EPSS
Процентиль: 46%
0.00233
Низкий
5.3 Medium
CVSS3
5 Medium
CVSS2
Дефекты
CWE-200