MEDIUM🇵🇱 Wersja polska

CVE-2016-8962

CVSS 5.9v3.0pub. 2017-04-26upd. 2026-05-13

IBM BigFix Inventory 9.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 118851.

CVSS Vector
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
  • IBM Bigfix Inventory

    APP
    Ibm
    ≤ 9.2
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2016-8964CRITICAL9.8ten sam produkt

IBM BigFix Inventory v9 9.2 uses an inadequate account lockout setting that could allow a remote attacker to b...

CVE-2016-8980HIGH8.1ten sam produkt

IBM BigFix Inventory v9 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE)...

CVE-2016-8966MEDIUM5.9ten sam produkt

IBM BigFix Inventory v9 could allow a remote attacker to obtain sensitive information, caused by the failure t...

CVE-2016-8967MEDIUM5.5ten sam produkt

IBM BigFix Inventory v9 9.2 stores user credentials in plain in clear text which can be read by a local user.

CVE-2016-8977MEDIUM5.3ten sam produkt

IBM BigFix Inventory v9 could disclose sensitive information to an unauthorized user using HTTP GET requests. ...