Ibm

Bigfix Platform

44 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.7

CVE-2018-1474

  • EPSS 0.19%
  • Published 12.12.2018 16:29:00
  • Last modified 21.11.2024 03:59:53

IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 is vulnerable to HTTP response splitting attacks, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject arbitrary HTTP headers...

6.1

CVE-2018-1478

  • EPSS 0.15%
  • Published 12.12.2018 16:29:00
  • Last modified 21.11.2024 03:59:54

IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hija...

7.8

CVE-2017-1231

  • EPSS 0.03%
  • Published 12.10.2018 05:29:00
  • Last modified 21.11.2024 03:21:32

IBM BigFix Platform 9.5 - 9.5.9 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 123910.

7.5

CVE-2018-1600

  • EPSS 0.1%
  • Published 04.06.2018 17:29:00
  • Last modified 21.11.2024 04:00:04

IBM BigFix Platform 9.2 and 9.5 transmits sensitive or security-critical data in clear text in a communication channel that can be sniffed by unauthorized actors. IBM X-Force ID: 143745.

8.8

CVE-2018-1479

  • EPSS 0.14%
  • Published 27.04.2018 15:29:10
  • Last modified 21.11.2024 03:59:54

IBM BigFix Platform 9.2 and 9.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 140761.

9.8

CVE-2018-1475

  • EPSS 0.38%
  • Published 27.04.2018 15:29:00
  • Last modified 21.11.2024 03:59:53

IBM BigFix Platform 9.2 and 9.5 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 140756.

6.1

CVE-2018-1473

  • EPSS 0.18%
  • Published 27.04.2018 15:29:00
  • Last modified 21.11.2024 03:59:53

IBM BigFix Platform 9.2 and 9.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a tr...

8.8

CVE-2016-0295

  • EPSS 0.1%
  • Published 28.02.2018 17:29:00
  • Last modified 21.11.2024 02:41:26

Cross-site request forgery (CSRF) vulnerability in the IBM BigFix Platform 9.0, 9.1, 9.2, and 9.5 before 9.5.2 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. IBM X-Force ID: 111363.

9

CVE-2016-0291

  • EPSS 4.97%
  • Published 28.02.2018 17:29:00
  • Last modified 21.11.2024 02:41:26

IBM BigFix Platform 9.0, 9.1 before 9.1.8, and 9.2 before 9.2.8 allow remote authenticated users to execute arbitrary commands by leveraging report server access. IBM X-Force ID: 111302.

5.9

CVE-2017-1229

  • EPSS 0.17%
  • Published 13.11.2017 23:29:00
  • Last modified 20.04.2025 01:37:25

IBM Tivoli Endpoint Manager (IBM BigFix 9.2 and 9.5) could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensit...