Vulnerabilities > IBM > Bigfix Inventory
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-07-13 | CVE-2016-8964 | 7PK - Security Features vulnerability in IBM Bigfix Inventory and License Metric Tool IBM BigFix Inventory v9 9.2 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. | 9.8 |
| 2017-04-26 | CVE-2016-8962 | Credentials Management vulnerability in IBM Bigfix Inventory 9.0/9.2 IBM BigFix Inventory 9.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. | 5.9 |
| 2017-02-01 | CVE-2016-8977 | Information Exposure vulnerability in IBM Bigfix Inventory and License Metric Tool IBM BigFix Inventory v9 could disclose sensitive information to an unauthorized user using HTTP GET requests. | 5.3 |
| 2017-02-01 | CVE-2016-8963 | Information Exposure vulnerability in IBM Bigfix Inventory and License Metric Tool IBM BigFix Inventory v9 stores potentially sensitive information in log files that could be read by a local user. | 5.5 |
| 2017-02-01 | CVE-2016-8967 | Credentials Management vulnerability in IBM Bigfix Inventory and License Metric Tool IBM BigFix Inventory v9 9.2 stores user credentials in plain in clear text which can be read by a local user. | 5.5 |
| 2017-02-01 | CVE-2016-8981 | Information Exposure vulnerability in IBM Bigfix Inventory and License Metric Tool IBM BigFix Inventory v9 allows web pages to be stored locally which can be read by another user on the system. | 5.5 |
| 2017-02-01 | CVE-2016-8980 | XXE vulnerability in IBM Bigfix Inventory and License Metric Tool IBM BigFix Inventory v9 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. | 8.1 |
| 2017-02-01 | CVE-2016-8966 | Information Exposure vulnerability in IBM Bigfix Inventory and License Metric Tool IBM BigFix Inventory v9 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. | 5.9 |
| 2017-02-01 | CVE-2016-8961 | Open Redirect vulnerability in IBM Bigfix Inventory and License Metric Tool IBM BigFix Inventory v9 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. | 6.1 |