CVE-2016-2927

low-risk

Published 2016-11-25

IBM BigFix Remote Control before 9.1.3 does not properly restrict the set of available encryption algorithms, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by sniffing the network and performing calculations on encrypted data.

Do I need to act?

0.18% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.9/10 Medium

NETWORK / HIGH complexity

Affected Products (1)

Bigfix Remote Control

Affected Vendors

Ibm

References (6)

Vendor Advisory http://www-01.ibm.com/support/docview.wss?uid=swg1IV89792

Vendor Advisory http://www-01.ibm.com/support/docview.wss?uid=swg21991875

http://www.securityfocus.com/bid/94561

Vendor Advisory http://www-01.ibm.com/support/docview.wss?uid=swg1IV89792

Vendor Advisory http://www-01.ibm.com/support/docview.wss?uid=swg21991875

http://www.securityfocus.com/bid/94561

/ 100

low-risk

Severity 18/34 · Moderate

Exploitability 1/34 · Minimal

Exposure 5/34 · Minimal