IBM Support

IV89781: SECURITY APAR CVE-2016-2948 HARD CODED CREDENTIALS USED IN IBM BIGFIX REMOTE CONTROL

Subscribe to this APAR

By subscribing, you receive periodic emails alerting you to the status of the APAR, along with a link to the fix after it becomes available. You can track this item individually or track all items by product.

Notify me when this APAR changes.

Notify me when an APAR for this component changes.

APAR status

  • Closed as program error.

Error description

  • IBM BigFix Remote Control uses hard coded credentials stored
    that can be easily obtained by a local user. IBM BigFix Remote
    Control has remediated this vulnerability.
    
    CVE ID: CVE-2016-2948
    

Local fix

  • not available
    

Problem summary

Problem conclusion

  • This fix is included in the IBM BigFix Remote Control 9.1.3
    application update.
    

Temporary fix

Comments

APAR Information

  • APAR number

    IV89781

  • Reported component name

    TIV EP MGR REM

  • Reported component ID

    5725C43RC

  • Reported release

    910

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2016-10-07

  • Closed date

    2016-10-11

  • Last modified date

    2016-10-11

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    TIV EP MGR REM

  • Fixed component ID

    5725C43RC

Applicable component levels

  • R910 PSN

       UP



Document information

More support for: IBM BigFix family

Software version: 910

Reference #: IV89781

Modified date: 11 October 2016