6.5

CVE-2019-4058

IBM BigFix Platform 9.2 and 9.5 could allow a low-privilege user to manipulate the UI into exposing interface elements and information normally restricted to administrators. IBM X-Force ID: 156570.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
IbmBigfix Platform Version >= 9.2 <= 9.2.17
IbmBigfix Platform Version >= 9.5 <= 9.5.12
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.93% 0.557
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 2.8 3.6
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
nvd@nist.gov 4 8 2.9
AV:N/AC:L/Au:S/C:N/I:P/A:N
psirt@us.ibm.com 6.5 2.8 3.6
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
CWE-1021 Improper Restriction of Rendered UI Layers or Frames

The web application does not restrict or incorrectly restricts frame objects or UI layers that belong to another application or domain.

https://www.ibm.com/support/docview.wss?uid=ibm10881996
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/156570
Vendor Advisory
VDB Entry