IBM BigFix Platform
25 CVEs affecting IBM BigFix Platform. Latest disclosed: 2017-11-13. Critical: 2, High: 5.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2016-6082 | Critical | 10.0 | 2017-02-01 | IBM BigFix Platform could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free race condition. An attacker could exploit… |
| CVE-2017-1221 | Critical | 9.8 | 2017-11-13 | IBM Tivoli Endpoint Manager (IBM BigFix 9.2 and 9.5) does not require that users should have strong passwords by default, which makes it easier for attackers t… |
| CVE-2017-1218 | High | 8.8 | 2017-07-19 | IBM Tivoli Endpoint Manager is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted… |
| CVE-2016-0396 | High | 8.1 | 2017-02-01 | IBM Tivoli Endpoint Manager could allow a user under special circumstances to inject commands that would be executed with unnecessary higher privileges than ex… |
| CVE-2016-0214 | High | 7.8 | 2017-02-08 | IBM Tivoli Endpoint Manager could allow a remote attacker to upload arbitrary files. A remote attacker could exploit this vulnerability to upload a malicious f… |
| CVE-2017-1227 | High | 7.5 | 2017-07-31 | IBM Tivoli Endpoint Manager could allow an unauthorized user to consume all resources and crash the system. IBM X-Force ID: 123906. |
| CVE-2017-1224 | High | 7.5 | 2017-07-19 | IBM Tivoli Endpoint Manager uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Forc… |
| CVE-2017-1222 | Medium | 6.5 | 2017-10-26 | IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) does not perform an authentication check for a critical resource or functionality allowing anonym… |
| CVE-2017-1219 | Medium | 6.5 | 2017-07-19 | IBM Tivoli Endpoint Manager is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulner… |
| CVE-2016-6085 | Medium | 6.5 | 2017-02-01 | IBM BigFix Platform could allow an attacker on the local network to crash the BES and relay servers. |
| CVE-2016-6084 | Medium | 6.5 | 2017-02-01 | IBM BigFix Platform could allow an attacker on the local network to crash the BES server using a specially crafted XMLSchema request. |
| CVE-2017-1521 | Medium | 6.1 | 2017-10-26 | IBM Tivoli Endpoint Manager (for Lifecycle/Power/Patch) Platform and Applications (IBM BigFix Platform 9.2 and 9.5) is vulnerable to cross-site scripting. This… |
| CVE-2017-1223 | Medium | 6.1 | 2017-07-19 | IBM Tivoli Endpoint Manager could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a special… |
| CVE-2017-1203 | Medium | 6.1 | 2017-07-19 | IBM Tivoli Endpoint Manager (for Lifecycle/Power/Patch) Platform and Applications is vulnerable to cross-site scripting. This vulnerability allows users to emb… |
| CVE-2016-0293 | Medium | 6.1 | 2016-09-01 | Cross-site scripting (XSS) vulnerability in IBM BigFix Platform (formerly Tivoli Endpoint Manager) 9.x before 9.1.8 and 9.2.x before 9.2.8 allows remote attack… |
| CVE-2017-1229 | Medium | 5.9 | 2017-11-13 | IBM Tivoli Endpoint Manager (IBM BigFix 9.2 and 9.5) could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HT… |
| CVE-2017-1232 | Medium | 5.9 | 2017-10-26 | IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) transmits sensitive or security-critical data in cleartext in a communication channel that can be… |
| CVE-2016-0269 | Medium | 5.4 | 2016-07-15 | Cross-site scripting (XSS) vulnerability in IBM BigFix Platform 9.x before 9.1.8 and 9.2.x before 9.2.7 allows remote authenticated users to inject arbitrary w… |
| CVE-2017-1230 | Medium | 5.3 | 2017-10-26 | IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) uses insufficiently random numbers or values in a security context that depends on unpredictable… |
| CVE-2017-1225 | Medium | 5.3 | 2017-10-26 | IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) stores sensitive information in URL parameters. This may lead to information disclosure if unauth… |