Vulnerability Description
IBM BigFix Remote Control before 9.1.3 does not enable the HSTS protection mechanism, which makes it easier for remote attackers to obtain sensitive information by leveraging use of HTTP.
CVSS Score
3.7
LOW
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Bigfix Remote Control | <= 9.1.2 |
Related Weaknesses (CWE)
References
- http://www-01.ibm.com/support/docview.wss?uid=swg1IV89794Vendor Advisory
- http://www-01.ibm.com/support/docview.wss?uid=swg21991871Vendor Advisory
- http://www.securityfocus.com/bid/94598
- http://www-01.ibm.com/support/docview.wss?uid=swg1IV89794Vendor Advisory
- http://www-01.ibm.com/support/docview.wss?uid=swg21991871Vendor Advisory
- http://www.securityfocus.com/bid/94598
FAQ
What is CVE-2016-2952?
CVE-2016-2952 is a vulnerability with a CVSS score of 3.7 (LOW). IBM BigFix Remote Control before 9.1.3 does not enable the HSTS protection mechanism, which makes it easier for remote attackers to obtain sensitive information by leveraging use of HTTP.
How severe is CVE-2016-2952?
CVE-2016-2952 has been rated LOW with a CVSS base score of 3.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-2952?
Check the references section above for vendor advisories and patch information. Affected products include: Ibm Bigfix Remote Control.