Bigfix
by IBM
CVEs (3)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-1221 | Cri | 0.64 | 9.8 | 0.02 | Nov 13, 2017 | IBM Tivoli Endpoint Manager (IBM BigFix 9.2 and 9.5) does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 123861. | ||
| CVE-2017-1229 | Med | 0.38 | 5.9 | 0.01 | Nov 13, 2017 | IBM Tivoli Endpoint Manager (IBM BigFix 9.2 and 9.5) could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in… | ||
| CVE-2016-0292 | Med | 0.36 | 5.5 | 0.00 | Aug 30, 2016 | WebReports in IBM BigFix Platform (formerly Tivoli Endpoint Manager) 9.x before 9.5.2 allows local users to discover the cleartext system password by reading a report. |
- risk 0.64cvss 9.8epss 0.02
IBM Tivoli Endpoint Manager (IBM BigFix 9.2 and 9.5) does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 123861.
- risk 0.38cvss 5.9epss 0.01
IBM Tivoli Endpoint Manager (IBM BigFix 9.2 and 9.5) could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in…
- risk 0.36cvss 5.5epss 0.00
WebReports in IBM BigFix Platform (formerly Tivoli Endpoint Manager) 9.x before 9.5.2 allows local users to discover the cleartext system password by reading a report.