What is CVE-2019-4061?

CVE-2019-4061 is a medium-severity vulnerability in Ibm Bigfix Platform. CVSS score: 5.3/10. Published 2019-02-27.

How severe is CVE-2019-4061?

Medium severity. CVSS v3 base score is 5.3 out of 10.

Is CVE-2019-4061 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Ibm Bigfix Platform

CVE-2019-4061

IBM BigFix Platform 9.2 and 9.5 could allow an attacker to query the relay remotely and gather information about the updates and fixlets deployed to the associated sites due to not enabling authenticated access. IBM X-Force ID: 156869.

EPSS: 0.746 (98.9th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.3 (Medium). Vector: CVSS:3.0/A:N/AC:L/AV:N/C:L/I:N/PR:N/S:U/UI:N/E:U/RC:C/RL:O.

Affected products

Ibm Bigfix Platform — versions 9.2, 9.5

Public proof-of-concept exploits

rapid7/metasploit-framework

References

ibm-bigfix-cve20194061-info-disc(156869) (vdb-entry, x_refsource_XF)
107189 (vdb-entry, x_refsource_BID)
www.ibm.com/support/docview.wss (x_refsource_CONFIRM)
www.rapid7.com/db/modules/auxiliary/gather/ibm_bigfix_sites_packages_enum (x_refsource_MISC)

Frequently asked questions

What is CVE-2019-4061?: CVE-2019-4061 is a medium-severity vulnerability in Ibm Bigfix Platform. CVSS score: 5.3/10. Published 2019-02-27.
How severe is CVE-2019-4061?: Medium severity. CVSS v3 base score is 5.3 out of 10.
Is CVE-2019-4061 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.