CVE-2016-2951

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV89785", "name": "IV89785", "tags": ["Vendor Advisory"], "refsource": "AIXAPAR"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21991885", "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21991885", "tags": ["Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://www.securityfocus.com/bid/94601", "name": "94601", "tags": [], "refsource": "BID"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "IBM BigFix Remote Control before 9.1.3 does not properly set the default encryption strength, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by sniffing the network and performing calculations on encrypted data."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-310"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2016-2951", "ASSIGNER": "psirt@us.ibm.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 3.7, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.2}}, "publishedDate": "2016-11-30T11:59Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:ibm:bigfix_remote_control:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "9.1.2"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2016-12-03T03:26Z"}