CVE-2016-2932
CVE-2016-2932 is a medium-severity vulnerability in Ibm Bigfix Remote Control with a CVSS 3.x base score of 5.3. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-91.
Key facts
- Severity: Medium (CVSS 3.x base score 5.3)
- CVSS v2: 5.0
- EPSS exploit prediction: 1% (70th percentile)
- Actively exploited: Not listed in CISA KEV
- Weakness: CWE-91
- Affected product: Ibm Bigfix Remote Control
- Published:
- Last modified:
Description
IBM BigFix Remote Control before 9.1.3 allows remote attackers to conduct XML injection attacks via unspecified vectors.
Frequently asked questions
- What is CVE-2016-2932?
- IBM BigFix Remote Control before 9.1.3 allows remote attackers to conduct XML injection attacks via unspecified vectors.
- How severe is CVE-2016-2932?
- CVE-2016-2932 has a CVSS 3.x base score of 5.3, rated medium severity. It is exploitable over network with low attack complexity, requires no privileges and no user interaction. Impact on confidentiality is none, integrity low, and availability none.
- Is CVE-2016-2932 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 1% (70th percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2016-2932?
- CVE-2016-2932 affects Ibm Bigfix Remote Control. See the affected-products list for the exact vulnerable versions.
- How do I fix CVE-2016-2932?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- When was CVE-2016-2932 published?
- CVE-2016-2932 was published on 2016-11-30 and last updated on 2026-06-17.
References
- http://www-01.ibm.com/support/docview.wss?uid=swg1IV89787
- http://www-01.ibm.com/support/docview.wss?uid=swg21991882
- http://www.securityfocus.com/bid/94983
Affected products (1)
- cpe:2.3:a:ibm:bigfix_remote_control:*:*:*:*:*:*:*:*
More vulnerabilities in Ibm Bigfix Remote Control
- CVE-2016-2944 — Critical (CVSS 9.8): IBM BigFix Remote Control before 9.1.3 does not properly restrict failed login attempts, which makes it easier for…
- CVE-2016-2963 — High (CVSS 8.8): Cross-site request forgery (CSRF) vulnerability in IBM BigFix Remote Control before 9.1.3 allows remote attackers to…
- CVE-2016-2929 — High (CVSS 8.1): IBM BigFix Remote Control before 9.1.3 does not properly restrict password choices, which makes it easier for remote…
- CVE-2016-2948 — High (CVSS 7.8): IBM BigFix Remote Control before 9.1.3 allows local users to discover hardcoded credentials via unspecified vectors.
- CVE-2016-2930 — High (CVSS 7.5): IBM BigFix Remote Control 9.1.3 could allow a remote attacker to perform actions reserved for an administrator without…
- CVE-2016-2936 — High (CVSS 7.3): IBM BigFix Remote Control before 9.1.3 uses cleartext storage for unspecified passwords, which allows local users to…
All CVEs affecting Ibm Bigfix Remote Control →
Other CWE-91 (XML Injection) vulnerabilities
- CVE-2021-4140 — Critical (CVSS 10.0): It was possible to construct specific XSLT markup that would be able to bypass an iframe sandbox. This vulnerability…
- CVE-2023-43187 — Critical (CVSS 9.8): A remote code execution (RCE) vulnerability in the xmlrpc.php endpoint of NodeBB Inc NodeBB forum software prior to…
- CVE-2019-19450 — Critical (CVSS 9.8): paraparser in ReportLab before 3.5.31 allows remote code execution because start_unichar in paraparser.py evaluates…
- CVE-2021-37154 — Critical (CVSS 9.8): In ForgeRock Access Management (AM) before 7.0.2, the SAML2 implementation allows XML injection, potentially enabling a…
- CVE-2020-29128 — Critical (CVSS 9.8): petl before 1.68, in some configurations, allows resolution of entities in an XML document.
- CVE-2020-25216 — Critical (CVSS 9.8): yWorks yEd Desktop before 3.20.1 allows code execution via an XSL Transformation when using an XML file in conjunction…