Test ID:	1.3.6.1.4.1.25623.1.0.809368
Category:	Web application abuses
Title:	IBM BigFix (Formerly Tivoli Endpoint Manager) Multiple Vulnerabilities (Oct 2016)
Summary:	IBM BigFix (Formerly Tivoli Endpoint Manager) is prone to multiple vulnerabilities.
Description:	Summary: IBM BigFix (Formerly Tivoli Endpoint Manager) is prone to multiple vulnerabilities. Vulnerability Insight: Multiple flaws are due to - Cleartext system password is used. - Improper validation of incoming http traffic. - Improper validation of user-supplied input. Vulnerability Impact: Successful exploitation will allow remote attackers to obtain sensitive information and let local users discover the cleartext system password by reading a report and hijack the authentication of arbitrary users, perform cross-site scripting attacks, web cache poisoning, and other malicious activities. Affected Software/OS: IBM BigFix (Formerly Tivoli Endpoint Manager) versions 9.x before 9.5.2. Solution: Upgrade to IBM BigFix (Formerly Tivoli Endpoint Manager) version 9.5.2, or later. Please see the references for more information. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2016-0292 Common Vulnerability Exposure (CVE) ID: CVE-2016-0397 BugTraq ID: 92467 http://www.securityfocus.com/bid/92467 Common Vulnerability Exposure (CVE) ID: CVE-2016-0295 XForce ISS Database: ibm-mdm-cve20160295-csrf(111363) https://exchange.xforce.ibmcloud.com/vulnerabilities/111363
Copyright	Copyright (C) 2016 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.