CVE-2019-4013
IBM Bigfix Platform 9.5.9.62 - Arbitrary File Upload
Severity Score
9.9
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
IBM BigFix Platform 9.5 could allow any authenticated user to upload any file to any location on the server with root privileges. This results in code execution on underlying system with root privileges. IBM X-Force ID: 155887.
IBM BigFix Platform versión 9.5 podría permitir a cualquier usuario identificado cargar cualquier archivo en cualquier ubicación del servidor con privilegios de tipo root. Esto da como resultado la ejecución de código en el sistema subyacente con privilegios de tipo root. ID de IBM X-Force: 155887.
IBM Bigfix Platform version 9.5.9.62 suffers from an arbitrary file upload vulnerability as root that can achieve remote code execution.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2019-01-03 CVE Reserved
- 2019-04-10 CVE Published
- 2019-10-07 First Exploit
- 2024-04-27 EPSS Updated
- 2024-09-16 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-434: Unrestricted Upload of File with Dangerous Type
CAPEC
References (4)
| URL | Tag | Source |
|---|---|---|
| http://packetstormsecurity.com/files/154747/IBM-Bigfix-Platform-9.5.9.62-Arbitary-File-Upload-Code-Execution.html | X_refsource_misc |
|
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/47470 | 2019-10-07 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www.ibm.com/support/docview.wss?uid=ibm10874666 | 2019-10-07 | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/155887 | 2019-10-07 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Ibm Search vendor "Ibm" | Bigfix Platform Search vendor "Ibm" for product "Bigfix Platform" | >= 9.5.0 <= 9.5.11 Search vendor "Ibm" for product "Bigfix Platform" and version " >= 9.5.0 <= 9.5.11" | - |
Affected
| ||||||