Vulnerabilities > IBM > Bigfix Inventory > 9.0

DATE CVE VULNERABILITY TITLE RISK
2017-07-13 CVE-2016-8964 7PK - Security Features vulnerability in IBM Bigfix Inventory and License Metric Tool
IBM BigFix Inventory v9 9.2 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials.
network
low complexity
ibm CWE-254
critical
9.8
2017-04-26 CVE-2016-8962 Credentials Management vulnerability in IBM Bigfix Inventory 9.0/9.2
IBM BigFix Inventory 9.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts.
network
high complexity
ibm CWE-255
5.9
2017-02-01 CVE-2016-8963 Information Exposure vulnerability in IBM Bigfix Inventory and License Metric Tool
IBM BigFix Inventory v9 stores potentially sensitive information in log files that could be read by a local user.
local
low complexity
ibm CWE-200
5.5
2017-02-01 CVE-2016-8961 Open Redirect vulnerability in IBM Bigfix Inventory and License Metric Tool
IBM BigFix Inventory v9 could allow a remote attacker to conduct phishing attacks, using an open redirect attack.
network
low complexity
ibm CWE-601
6.1