Credential Storage Vulnerability in IBM BigFix Platform
CVE-2017-1231

4.4MEDIUM

Key Information:

Vendor: IBM
Status: Bigfix Platform
Vendor: CVE Published:; 12 October 2018

Summary

The IBM BigFix Platform versions 9.5 through 9.5.9 contains a vulnerability where user credentials are stored in plain text. This exposes sensitive information to local users who can access the system, potentially leading to unauthorized actions by malicious insiders. Organizations using these versions should take immediate steps to mitigate this risk by upgrading to the latest version and ensuring secure credential management practices.

Affected Version(s)

BigFix Platform 9.5

BigFix Platform 9.5.1

BigFix Platform 9.5.2

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/123910

vdb-entryx_refsource_XF

https://www-01.ibm.com/support/docview.wss?uid=ibm10724511

x_refsource_CONFIRM

CVSS V3.1

Score:

4.4

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 12, 2018
Vulnerability Reserved
Nov 30, 2016