CVE-2016-2951

low-risk

Published 2016-11-30

IBM BigFix Remote Control before 9.1.3 does not properly set the default encryption strength, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by sniffing the network and performing calculations on encrypted data.

Do I need to act?

0.14% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 3.7/10 Low

NETWORK / HIGH complexity

Affected Products (1)

Bigfix Remote Control

Affected Vendors

Ibm

References (6)

Vendor Advisory http://www-01.ibm.com/support/docview.wss?uid=swg1IV89785

Vendor Advisory http://www-01.ibm.com/support/docview.wss?uid=swg21991885

http://www.securityfocus.com/bid/94601

Vendor Advisory http://www-01.ibm.com/support/docview.wss?uid=swg1IV89785

Vendor Advisory http://www-01.ibm.com/support/docview.wss?uid=swg21991885

http://www.securityfocus.com/bid/94601

/ 100

low-risk

Severity 13/34 · Low

Exploitability 1/34 · Minimal

Exposure 5/34 · Minimal