IBM BigFix Platform - Information Disclosure

IBM BigFix Platform 9.2 and 9.5 contains an information disclosure vulnerability caused by not enabling authenticated access in relay, letting remote attackers query and gather update and fixlet information, exploit requires no authentication. id: CVE-2019-4061 info: name: IBM BigFix Platform -...

📄 IBM BigFix Platform 9.2 Information Disclosure

IBM BigFix Platform version 9.2 information gathering proof of concept exploit. ============================================================================================================================================= | Title : IBM BigFix Platform 9.2 gather information Vulnerability | | Auth...

IBM BigFix Relay Server Sites and Package Enum

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'IBM BigFix Relay Server Sites and Package Enum', 'Description' = %q This module retrieves masthead, site, and available package information from...

CVE-2019-4061

creationtimestamp| type| source ---|---|--- 2019-03-20 12:24:12+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/gather/ibmbigfixsitespackagesenum.rb 2025-02-06 03:13:44+00:00| seen| MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd 2025-02-23 04:10:16+00:00| seen...

IBM BigFix Relay Server Sites and Package Enum

This module retrieves masthead, site, and available package information from IBM BigFix Relay Servers. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'IBM BigFix Relay Server Sites and Package...

CVE-2019-4061

CVE-2019-4061 affects IBM BigFix Platform 9.2 and 9.5. The vulnerability arises from relay components not requiring authentication, allowing a remote attacker to query the relay and collect information on updates and fixlets deployed to sites. The impact is information disclosure with no user int...