Information Disclosure Vulnerability in IBM BigFix Compliance
CVE-2017-1198

3.7 LOW

Key Information:

Vendor: IBM
CVE Published: 5 February 2019

Summary

IBM BigFix Compliance versions 1.7 through 1.9.91 are susceptible to a vulnerability that allows sensitive information to be stored in URL parameters. This flaw may result in unauthorized access to sensitive data if these URLs are exposed through server logs, the referrer header, or browser history. Users of these affected versions should take immediate action to secure their systems to prevent potential information leakage.

Affected Version(s)

BigFix Compliance 1.7

BigFix Compliance 1.9.91

CVSS V3.1

Score: 3.7
Severity: LOW
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
