PatchSiren

CVE-2016-6085 IBM CVE debrief

CVE-2016-6085 is a medium-severity IBM BigFix Platform issue that NVD describes as allowing a local-network attacker to crash BES and relay servers. NVD assigns CVSS 6.5 (AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) and maps the weakness to CWE-284. The vulnerable CPEs listed by NVD are IBM BigFix Platform 9.0, 9.1, 9.2, and 9.5.

Vendor: IBM
Product: CVE-2016-6085
CVSS: MEDIUM 6.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2017-02-01
Original CVE updated: 2026-05-13
Advisory published: 2017-02-01
Advisory updated: 2026-05-13

Who should care

IBM BigFix Platform administrators and operators, especially teams responsible for BES and relay servers or any internal network segment where BigFix services are reachable.

Technical summary

The NVD record describes an availability-impacting flaw in IBM BigFix Platform that can be triggered from the local network and can crash BES and relay servers. NVD's CVSS v3.0 vector (AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) indicates no privileges or user interaction are required, but the attack is limited to an adjacent/local network position. NVD also lists CWE-284 and marks IBM BigFix Platform 9.0, 9.1, 9.2, and 9.5 as vulnerable.

Defensive priority

Medium priority. Triage promptly if BigFix infrastructure is reachable from internal or adjacent networks, because the impact is service crash/availability loss.

Recommended defensive actions

  • Check whether any IBM BigFix Platform deployments are on versions 9.0, 9.1, 9.2, or 9.5.
  • Apply the IBM fix or remediation referenced in the IBM PSIRT advisory.
  • Restrict access to BES and relay servers to trusted management networks only.
  • Monitor BigFix services for unexpected crashes or restarts and review logs for abnormal local-network access.
  • Use the NVD and IBM advisory references to confirm the vendor's current remediation guidance.

Evidence notes

All core claims are taken from the NVD record and the IBM PSIRT advisory references in the supplied corpus: NVD describes a local-network crash affecting BES and relay servers, assigns CVSS 6.5 with AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, maps CWE-284, and lists IBM BigFix Platform 9.0, 9.1, 9.2, and 9.5 as vulnerable. The IBM advisory reference (swg21996348) is the vendor source cited by NVD. The CVE was published on 2017-02-01 and later modified in NVD on 2026-05-13; that modified date is record maintenance, not the original issue date.

Official resources

CVE published by NVD on 2017-02-01; the NVD record was modified on 2026-05-13. No KEV listing is present in the supplied data.