Every CVE whose affected-product data names Ibm Bigfix Inventory, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (9)
CVE-2016-8964 — CVSS 9.8 (critical): IBM BigFix Inventory v9 9.2 uses an inadequate account lockout setting that could allow a remote attacker to brute force account…
CVE-2016-8980 — CVSS 8.1 (high): IBM BigFix Inventory v9 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML…
CVE-2016-8961 — CVSS 6.1 (medium): IBM BigFix Inventory v9 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to…
CVE-2016-8966 — CVSS 5.9 (medium): IBM BigFix Inventory v9 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict…
CVE-2016-8962 — CVSS 5.9 (medium): IBM BigFix Inventory 9.2 does not require that users should have strong passwords by default, which makes it easier for attackers to…
CVE-2016-8967 — CVSS 5.5 (medium): IBM BigFix Inventory v9 9.2 stores user credentials in plain in clear text which can be read by a local user.
CVE-2016-8963 — CVSS 5.5 (medium): IBM BigFix Inventory v9 stores potentially sensitive information in log files that could be read by a local user.
CVE-2016-8981 — CVSS 5.5 (medium): IBM BigFix Inventory v9 allows web pages to be stored locally which can be read by another user on the system.
CVE-2016-8977 — CVSS 5.3 (medium): IBM BigFix Inventory v9 could disclose sensitive information to an unauthorized user using HTTP GET requests. This information could be…