CVSS: 3.3EPSS: 0%CPEs: 2EXPL: 0CVE-2018-2005
https://notcve.org/view.php?id=CVE-2018-2005
20 May 2019 — IBM BigFix Platform 9.2 and 9.5 stores potentially sensitive information in process memory that could be read by a local attacker with elevated permissions. IBM X-Force ID: 155007 IBM BigFix Platform 9.2 y 9.5 almacena información potencialmente confidencial en la memoria de proceso que puede ser leída por un atacante local con permisos elevados. ID de IBM X-Force: 155007 • https://exchange.xforce.ibmcloud.com/vulnerabilities/155007 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.9EPSS: 13%CPEs: 1EXPL: 2CVE-2019-4013 – IBM Bigfix Platform 9.5.9.62 - Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2019-4013
10 Apr 2019 — IBM BigFix Platform 9.5 could allow any authenticated user to upload any file to any location on the server with root privileges. This results in code execution on underlying system with root privileges. IBM X-Force ID: 155887. IBM BigFix Platform versión 9.5 podría permitir a cualquier usuario identificado cargar cualquier archivo en cualquier ubicación del servidor con privilegios de tipo root. Esto da como resultado la ejecución de código en el sistema subyacente con privilegios de tipo root. • https://packetstorm.news/files/id/154747 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 5.3EPSS: 59%CPEs: 2EXPL: 1CVE-2019-4061 – IBM BigFix Relay Server Sites and Package Enum
https://notcve.org/view.php?id=CVE-2019-4061
27 Feb 2019 — IBM BigFix Platform 9.2 and 9.5 could allow an attacker to query the relay remotely and gather information about the updates and fixlets deployed to the associated sites due to not enabling authenticated access. IBM X-Force ID: 156869. IBM BigFix Platform, en sus versiones 9.2 y 9.5, podría permitir a un atacante consultar el relay de manera remota y obtener información sobre las actualizaciones y fixlets desplegados en los sitios asociados debido a la no habilitación de un acceso autenticado. IBM X-Force I... • https://packetstorm.news/files/id/180698 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2018-1474
https://notcve.org/view.php?id=CVE-2018-1474
12 Dec 2018 — IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 is vulnerable to HTTP response splitting attacks, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject arbitrary HTTP headers and cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning or cross-site scripting, and possibly obtain sensitive information. IBM X-force ID: 140692. IBM BigFi... • https://exchange.xforce.ibmcloud.com/vulnerabilities/140692 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2018-1476
https://notcve.org/view.php?id=CVE-2018-1476
12 Dec 2018 — IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 140757. IBM BigFix Platform, desde la versión 9.2.0 hasta la 9.2.14 y desde la versión 9.5 hasta la 9.5.9, divulga información sensible a usuarios no autorizados. Esta información puede emplearse para ejecutar más ataques en el sistema. • https://exchange.xforce.ibmcloud.com/vulnerabilities/140757 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2018-1478
https://notcve.org/view.php?id=CVE-2018-1478
12 Dec 2018 — IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 140760. IBM BigFix Platform, desde la versión 9.2.0 hasta la 9.2.14 y de la versión 9.5 hasta la 9.5.9, podría permitir que un atacante remoto secuestre la acci... • https://exchange.xforce.ibmcloud.com/vulnerabilities/140760 • CWE-20: Improper Input Validation •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2018-1480
https://notcve.org/view.php?id=CVE-2018-1480
12 Dec 2018 — IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 does not set the 'HttpOnly' attribute on authorization tokens or session cookies. If a Cross-Site Scripting vulnerability also existed attackers may be able to get the cookie values via malicious JavaScript and then hijack the user session. IBM X-Force ID: 140762. IBM BigFix Platform, desde la versón 9.2.0 hasta la 9.2.14 y desde la versión 9.5 hasta la 9.5.9, no establece el atributo "HttpOnly" en los tokens de autorización o en las cookies de ... • https://exchange.xforce.ibmcloud.com/vulnerabilities/140762 • CWE-384: Session Fixation •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2018-1481
https://notcve.org/view.php?id=CVE-2018-1481
12 Dec 2018 — IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 140763. IBM BigFix Platform, de la versión 9.2.0 hasta la 9.2.14 y desde la versión 9.5 hasta la 9.5.9, almacena información sensible en parámetros de la URL. Esto podría llevar a una divulgación de información si partes no autorizadas tienen a... • https://exchange.xforce.ibmcloud.com/vulnerabilities/140763 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2018-1484
https://notcve.org/view.php?id=CVE-2018-1484
12 Dec 2018 — IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 140969. IBM BigFix Platform, desde la versión 9.2.0 hasta la 9.2.14 y de la versión 9.5 hasta la 9.... • https://exchange.xforce.ibmcloud.com/vulnerabilities/140969 • CWE-384: Session Fixation •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2018-1485
https://notcve.org/view.php?id=CVE-2018-1485
12 Dec 2018 — IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 does not renew a session variable after a successful authentication which could lead to session fixation/hijacking vulnerability. This could force a user to utilize a cookie that may be known to an attacker. IBM X-Force ID: 140970. IBM BigFix Platform, desde la versión 9.2.0 hasta la 9.2.14 y desde la versión 9.5 hasta la 9.5.9, no renueva una variable de sesión tras una autenticación exitosa. Esto podría desembocar en una vulnerabilidad de fija... • https://exchange.xforce.ibmcloud.com/vulnerabilities/140970 • CWE-384: Session Fixation •