Vulnerability Description
IBM BigFix Inventory v9 could disclose sensitive information to an unauthorized user using HTTP GET requests. This information could be used to mount further attacks against the system.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ibm | License Metric Tool | 9.2.0 |
| Hp | Hp-Ux | All versions |
| Ibm | Aix | All versions |
| Linux | Linux Kernel | All versions |
| Microsoft | Windows | All versions |
| Oracle | Solaris | All versions |
| Ibm | Bigfix Inventory | 9.2 |
Related Weaknesses (CWE)
References
- http://www.ibm.com/support/docview.wss?uid=swg21995014Vendor Advisory
- http://www.securityfocus.com/bid/95308Third Party AdvisoryVDB Entry
- http://www.ibm.com/support/docview.wss?uid=swg21995014Vendor Advisory
- http://www.securityfocus.com/bid/95308Third Party AdvisoryVDB Entry
FAQ
What is CVE-2016-8977?
CVE-2016-8977 is a vulnerability with a CVSS score of 5.3 (MEDIUM). IBM BigFix Inventory v9 could disclose sensitive information to an unauthorized user using HTTP GET requests. This information could be used to mount further attacks against the system.
How severe is CVE-2016-8977?
CVE-2016-8977 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-8977?
Check the references section above for vendor advisories and patch information. Affected products include: Ibm License Metric Tool, Hp Hp-Ux, Ibm Aix, Linux Linux Kernel, Microsoft Windows.