Ibm

Bigfix Platform

44 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.7

CVE-2018-1474

  • EPSS 0.19%
  • Veröffentlicht 12.12.2018 16:29:00
  • Zuletzt bearbeitet 21.11.2024 03:59:53

IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 is vulnerable to HTTP response splitting attacks, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject arbitrary HTTP headers...

6.1

CVE-2018-1478

  • EPSS 0.15%
  • Veröffentlicht 12.12.2018 16:29:00
  • Zuletzt bearbeitet 21.11.2024 03:59:54

IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hija...

7.8

CVE-2017-1231

  • EPSS 0.03%
  • Veröffentlicht 12.10.2018 05:29:00
  • Zuletzt bearbeitet 21.11.2024 03:21:32

IBM BigFix Platform 9.5 - 9.5.9 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 123910.

7.5

CVE-2018-1600

  • EPSS 0.1%
  • Veröffentlicht 04.06.2018 17:29:00
  • Zuletzt bearbeitet 21.11.2024 04:00:04

IBM BigFix Platform 9.2 and 9.5 transmits sensitive or security-critical data in clear text in a communication channel that can be sniffed by unauthorized actors. IBM X-Force ID: 143745.

8.8

CVE-2018-1479

  • EPSS 0.14%
  • Veröffentlicht 27.04.2018 15:29:10
  • Zuletzt bearbeitet 21.11.2024 03:59:54

IBM BigFix Platform 9.2 and 9.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 140761.

9.8

CVE-2018-1475

  • EPSS 0.38%
  • Veröffentlicht 27.04.2018 15:29:00
  • Zuletzt bearbeitet 21.11.2024 03:59:53

IBM BigFix Platform 9.2 and 9.5 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 140756.

6.1

CVE-2018-1473

  • EPSS 0.18%
  • Veröffentlicht 27.04.2018 15:29:00
  • Zuletzt bearbeitet 21.11.2024 03:59:53

IBM BigFix Platform 9.2 and 9.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a tr...

8.8

CVE-2016-0295

  • EPSS 0.1%
  • Veröffentlicht 28.02.2018 17:29:00
  • Zuletzt bearbeitet 21.11.2024 02:41:26

Cross-site request forgery (CSRF) vulnerability in the IBM BigFix Platform 9.0, 9.1, 9.2, and 9.5 before 9.5.2 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. IBM X-Force ID: 111363.

9

CVE-2016-0291

  • EPSS 4.97%
  • Veröffentlicht 28.02.2018 17:29:00
  • Zuletzt bearbeitet 21.11.2024 02:41:26

IBM BigFix Platform 9.0, 9.1 before 9.1.8, and 9.2 before 9.2.8 allow remote authenticated users to execute arbitrary commands by leveraging report server access. IBM X-Force ID: 111302.

5.9

CVE-2017-1229

  • EPSS 0.17%
  • Veröffentlicht 13.11.2017 23:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

IBM Tivoli Endpoint Manager (IBM BigFix 9.2 and 9.5) could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensit...