IBM BigFix Platform - Information Disclosure
IBM BigFix Platform 9.2 and 9.5 contains an information disclosure vulnerability caused by not enabling authenticated access in the relay, letting remote attackers query and gather update and fixlet information. The exploit requires no authentication. id: CVE-2019-4061 info: name: IBM BigFix Platform -...
IBM BigFix Platform 9.2 Information Disclosure
IBM BigFix Platform version 9.2 information gathering proof of concept exploit. Title: IBM BigFix Platform 9.2 gather information Vulnerability | Auth...
EUVD-2016-7018
Malware in sbrugna...
EUVD-2016-7019
Malware in sbrugna...
EUVD-2019-13665
Malware in sbrugna...
IBM Bigfix Platform 9.5.9.62 Arbitrary File Upload / Code Execution
Exploit Title: IBM Bigfix Platform 9.5.9.62 - Arbitrary File Upload Date: 2018-12-11 Exploit Authors: Jakub Palaczynski Vendor Homepage: https://www.ibm.com/ Version: IBM Bigfix Platform Software Add Software" menu. Here user needs to choose upload via URL option as only this one is vulnerable. U...
IBM Bigfix Platform 9.5.9.62 - Arbitrary File Upload Vulnerability
Exploit for java platform in category web applications Exploit Title: IBM Bigfix Platform 9.5.9.62 - Arbitrary File Upload Exploit Authors: Jakub Palaczynski Vendor Homepage: https://www.ibm.com/ Version: IBM Bigfix Platform Software Add Software" menu. Here user needs to choose upload via URL...
CVE-2019-4011
IBM BigFix Platform 9.2 and 9.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 155885...
CVE-2018-2005
IBM BigFix Platform 9.2 and 9.5 stores potentially sensitive information in process memory that could be read by a local attacker with elevated permissions. IBM X-Force ID: 155007...
Information disclosure
IBM BigFix Platform 9.2 and 9.5 stores potentially sensitive information in process memory that could be read by a local attacker with elevated permissions. IBM X-Force ID: 155007...
PT-2019-16870 · Ibm · Ibm Bigfix Platform
Name of the Vulnerable Software and Affected Versions: IBM BigFix Platform versions 9.2 through 9.5 Description: The issue allows a low-privilege user to manipulate the UI, exposing interface elements and information normally restricted to administrators. Recommendations: For versions 9.2 through...
IBM BigFix Platform 9.2.x <= 9.2.16 / 9.5.x <= 9.5.11 Information Disclosure
According to its self-reported version, the IBM BigFix Platform application running on the remote host is 9.2.x prior to 9.2.15, or 9.5.x prior to 9.5.10. It is, therefore, affected by an information disclosure vulnerability in internet-facing relays if they are configured as non-authenticating. ...
IBM BigFix Platform Unauthorized Operation Vulnerability
IBM BigFix Platform is a dynamic, content-driven messaging and management system from IBM, USA. A security vulnerability exists in IBM BigFix Platform versions 9.5 through 9.5.11. An attacker could exploit the vulnerability to upload files to the server with elevated privileges and perform...
CVE-2019-4061
IBM BigFix Platform 9.2 and 9.5 could allow an attacker to query the relay remotely and gather information about the updates and fixlets deployed to the associated sites due to not enabling authenticated access. IBM X-Force ID: 156869...
IBM BigFix Platform Unauthorized Access Vulnerability
IBM BigFix Platform is a dynamic, content-driven messaging and management system from IBM, USA. An unauthorized access vulnerability exists in BigFix Platform versions 9.5 through 9.5.11 and 9.2 through 9.2.16, which could be exploited by an attacker to obtain information...
IBM BigFix Platform 9.2.x < 9.2.15 / 9.5.x < 9.5.10 Multiple Vulnerabilities
According to its self-reported version, the IBM BigFix Platform application running on the remote host is 9.2.x prior to 9.2.15, or 9.5.x prior to 9.5.10. It is, therefore, affected by multiple vulnerabilities: - IBM BigFix Platform is vulnerable to HTTP response splitting attacks, caused by...
IBM BigFix Platform HTTP Response Splitting Vulnerability
IBM BigFix Platform is IBM's dynamic, content-driven integrated messaging and management system, a multi-technology platform. A security vulnerability exists in IBM BigFix Platform that originates when the program incorrectly validates user-submitted input. A remote attacker could exploit th...
IBM BigFix Platform Session Fixation Vulnerability
IBM BigFix Platform is IBM's dynamic, content-driven integrated messaging and management system, a multi-technology platform. A session fixation vulnerability exists in IBM BigFix Platform versions 9.5 through 9.5.9 and 9.2 through 9.2.14, which stems from the program's failure to update session...
CVE-2018-1481
IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 140763...
CVE-2018-1484
IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending an http:// link to a user or by planting this link in a site the user goes to. The cookie will be...