Vulnerabilities > IBM > Bigfix Remote Control > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-05-03 | CVE-2016-2930 | Improper Access Control vulnerability in IBM Bigfix Remote Control 9.1.3 IBM BigFix Remote Control 9.1.3 could allow a remote attacker to perform actions reserved for an administrator without authentication. | 7.5 |
| 2016-11-30 | CVE-2016-2963 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Bigfix Remote Control 9.1.2 Cross-site request forgery (CSRF) vulnerability in IBM BigFix Remote Control before 9.1.3 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. | 8.8 |
| 2016-11-30 | CVE-2016-2948 | Use of Hard-coded Credentials vulnerability in IBM Bigfix Remote Control 9.1.2 IBM BigFix Remote Control before 9.1.3 allows local users to discover hardcoded credentials via unspecified vectors. | 7.8 |
| 2016-11-30 | CVE-2016-2936 | Credentials Management vulnerability in IBM Bigfix Remote Control 9.1.2 IBM BigFix Remote Control before 9.1.3 uses cleartext storage for unspecified passwords, which allows local users to obtain sensitive information via unknown vectors. | 7.3 |
| 2016-11-25 | CVE-2016-2929 | Improper Access Control vulnerability in IBM Bigfix Remote Control 9.1.2 IBM BigFix Remote Control before 9.1.3 does not properly restrict password choices, which makes it easier for remote attackers to obtain access via a brute-force approach. | 8.1 |