IBM Security Bulletin: The BigFIx platform has a vulnerability where WebReports executes with unnecessary privileges (CVE-2016-0396)
The BigFix Platform (WebReports) could allow a user under special circumstances to inject commands that would be executed with unnecessary higher privileges than expected.
CVE(s): CVE-2016-0396
Affected product(s) and affected version(s):
BigFix Platform version 9.0
BigFix Platform version 9.1
BigFix Platform version 9.2
BigFix Platform version 9.5
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2fPpDoC
X-Force Database: http://ift.tt/2fvPH3Z
from IBM Product Security Incident Response Team http://ift.tt/2fPtVMJ