CVE-2016-2952

IBM BigFix Remote Control before 9.1.3 does not enable the HSTS protection mechanism, which makes it easier for remote attackers to obtain sensitive information by leveraging use of HTTP.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
3.7 LOW
NETWORK
HIGH
NONE
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
ibmCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 62%
VendorProductVersion
ibmbigfix_remote_control
𝑥
≤ 9.1.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www-01.ibm.com/support/docview.wss?uid=swg1IV89794
http://www-01.ibm.com/support/docview.wss?uid=swg21991871
http://www.securityfocus.com/bid/94598
http://www-01.ibm.com/support/docview.wss?uid=swg1IV89794
http://www-01.ibm.com/support/docview.wss?uid=swg21991871
http://www.securityfocus.com/bid/94598