Product: IBM BigFix Inventory
11 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE-2021-27759
Affected versions: >= 9.0 and < 10.0.7.0
This vulnerability arises because the application allows the user to perform some sensitive action without verifying that the requ

CVE-2021-27758
Affected versions: >= 9.0 and < 10.0.7.0
There is a security vulnerability in login form related to Cross-site Request Forgery which prevents user to login after attacker

CVE-2016-8964
Affected versions: >= 9.0 and < 9.2.8
IBM BigFix Inventory v9 9.2 uses an inadequate account lockout setting that could allow a remote attacker to brute force account c

CVE-2016-8962
Affected versions: <= 9.2
IBM BigFix Inventory 9.2 does not require that users should have strong passwords by default, which makes it easier for attackers

CVE-2016-8977
Affected versions: all versions
IBM BigFix Inventory v9 could disclose sensitive information to an unauthorized user using HTTP GET requests. This information cou

CVE-2016-8963
Affected versions: <= 9.2
IBM BigFix Inventory v9 stores potentially sensitive information in log files that could be read by a local user.

CVE-2016-8967
Affected versions: all versions
IBM BigFix Inventory v9 9.2 stores user credentials in plain in clear text which can be read by a local user.

CVE-2016-8981
Affected versions: all versions
IBM BigFix Inventory v9 allows web pages to be stored locally which can be read by another user on the system.

CVE-2016-8980
Affected versions: all versions
IBM BigFix Inventory v9 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processi

CVE-2016-8966
Affected versions: all versions
IBM BigFix Inventory v9 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HT

CVE-2016-8961
Affected versions: <= 9.2
IBM BigFix Inventory v9 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a