Credential Storage Vulnerability in IBM BigFix Platform
CVE-2017-1231

4.4MEDIUM

Key Information:

Vendor
IBM
Vendor
CVE Published:
12 October 2018

Summary

The IBM BigFix Platform versions 9.5 through 9.5.9 contains a vulnerability where user credentials are stored in plain text. This exposes sensitive information to local users who can access the system, potentially leading to unauthorized actions by malicious insiders. Organizations using these versions should take immediate steps to mitigate this risk by upgrading to the latest version and ensuring secure credential management practices.

Affected Version(s)

BigFix Platform 9.5

BigFix Platform 9.5.1

BigFix Platform 9.5.2

References

CVSS V3.1

Score:
4.4
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.