5.3

CVE-2016-2932

IBM BigFix Remote Control before 9.1.3 allows remote attackers to conduct XML injection attacks via unspecified vectors.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
IbmBigfix Remote Control Version <= 9.1.2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.44% 0.697
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.3 3.9 1.4
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:P/A:N
CWE-91 XML Injection (aka Blind XPath Injection)

The product does not properly neutralize special elements that are used in XML, allowing attackers to modify the syntax, content, or commands of the XML before it is processed by an end system.

http://www-01.ibm.com/support/docview.wss?uid=swg1IV89787
Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21991882
Vendor Advisory
http://www.securityfocus.com/bid/94983
Third Party Advisory
VDB Entry