CVE-2016-6082

high-risk

Published 2017-02-01

IBM BigFix Platform could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free race condition. An attacker could exploit this vulnerability to execute arbitrary code on the system.

Do I need to act?

7.4% chance of exploitation in next 30 days

EPSS score — moderate exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 10.0/10 Critical

NETWORK / LOW complexity

Affected Products (4)

Bigfix Platform

Affected Vendors

Ibm

References (4)

Patch http://www.ibm.com/support/docview.wss?uid=swg21996375

Third Party Advisory http://www.securityfocus.com/bid/95297

Patch http://www.ibm.com/support/docview.wss?uid=swg21996375

Third Party Advisory http://www.securityfocus.com/bid/95297

/ 100

high-risk

Severity 33/34 · Critical

Exploitability 10/34 · Low

Exposure 10/34 · Low