IBM BigFix Platform
19 CVEs affecting IBM BigFix Platform. Latest disclosed: 2019-05-20. Critical: 2, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2017-1221 | Critical | 9.8 | 2017-11-13 | IBM Tivoli Endpoint Manager (IBM BigFix 9.2 and 9.5) does not require that users should have strong passwords by default, which makes it easier for attackers t… |
| CVE-2019-4013 | Critical | 9.0 | 2019-04-10 | IBM BigFix Platform 9.5 could allow any authenticated user to upload any file to any location on the server with root privileges. This results in code executio… |
| CVE-2018-1600 | High | 8.6 | 2018-06-04 | IBM BigFix Platform 9.2 and 9.5 transmits sensitive or security-critical data in clear text in a communication channel that can be sniffed by unauthorized acto… |
| CVE-2017-1227 | High | 7.5 | 2017-07-31 | IBM Tivoli Endpoint Manager could allow an unauthorized user to consume all resources and crash the system. IBM X-Force ID: 123906. |
| CVE-2019-4058 | Medium | 6.5 | 2019-05-20 | IBM BigFix Platform 9.2 and 9.5 could allow a low-privilege user to manipulate the UI into exposing interface elements and information normally restricted to a… |
| CVE-2018-1478 | Medium | 6.1 | 2018-12-12 | IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victi… |
| CVE-2018-1474 | Medium | 6.1 | 2018-12-12 | IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 is vulnerable to HTTP response splitting attacks, caused by improper validation of user-supplied… |
| CVE-2019-4011 | Medium | 5.4 | 2019-05-20 | IBM BigFix Platform 9.2 and 9.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus al… |
| CVE-2019-4061 | Medium | 5.3 | 2019-02-27 | IBM BigFix Platform 9.2 and 9.5 could allow an attacker to query the relay remotely and gather information about the updates and fixlets deployed to the associ… |
| CVE-2018-1476 | Medium | 5.3 | 2018-12-12 | IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 discloses sensitive information to unauthorized users. The information can be used to mount furt… |
| CVE-2017-1231 | Medium | 4.4 | 2018-10-12 | IBM BigFix Platform 9.5 - 9.5.9 stores user credentials in clear text which can be read by a local user. IBM X-Force ID: 123910. |
| CVE-2018-1480 | Medium | 4.0 | 2018-12-12 | IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 does not set the 'HttpOnly' attribute on authorization tokens or session cookies. If a Cross-Sit… |
| CVE-2018-1484 | Low | 3.7 | 2018-12-12 | IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 does not set the secure attribute on authorization tokens or session cookies. Attackers may be a… |
| CVE-2018-1481 | Low | 3.7 | 2018-12-12 | IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 stores sensitive information in URL parameters. This may lead to information disclosure if unaut… |
| CVE-2018-2005 | Low | 3.3 | 2019-05-20 | IBM BigFix Platform 9.2 and 9.5 stores potentially sensitive information in process memory that could be read by a local attacker with elevated permissions. IB… |
| CVE-2018-1485 | Low | 3.1 | 2018-12-12 | IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 does not renew a session variable after a successful authentication which could lead to session… |
| CVE-2018-1479 | | | 2018-04-27 | IBM BigFix Platform 9.2 and 9.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmi… |
| CVE-2018-1475 | | | 2018-04-27 | IBM BigFix Platform 9.2 and 9.5 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force I… |
| CVE-2018-1473 | | | 2018-04-27 | IBM BigFix Platform 9.2 and 9.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus al… |