VYPR

Bigfix Security Compliance Analytics

by IBM

CVEs (5)

  • CVE-2017-1197CriJun 15, 2017
    risk 0.64cvss 9.8epss 0.02

    IBM BigFix Compliance (TEMA SUAv1 SCA SCM) uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 123672.

  • CVE-2017-1196CriJun 7, 2017
    risk 0.64cvss 9.8epss 0.02

    IBM BigFix Compliance (TEMA SUAv1 SCA SCM) 1.9.70 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 123671.

  • CVE-2017-1201HigOct 5, 2017
    risk 0.51cvss 7.8epss 0.00

    IBM BigFix Compliance Analytics 1.9.79 (TEMA SUAv1 SCA SCM) stores user credentials in clear text which can be read by a local user. IBM X-Force ID: 123676.

  • CVE-2017-1178MedJun 7, 2017
    risk 0.40cvss 6.1epss 0.01

    IBM Endpoint Manager for Security and Compliance 1.9.70 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted…

  • CVE-2017-1179MedJun 8, 2017
    risk 0.38cvss 5.9epss 0.01

    IBM BigFix Compliance Analytics 1.9.79 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 123431.