Information Disclosure Vulnerability in IBM BigFix Platform
CVE-2018-1481

3.7LOW

Key Information:

Vendor: IBM
Status: Bigfix Platform
Vendor: CVE Published:; 12 December 2018

What is CVE-2018-1481?

The IBM BigFix Platform versions 9.2.0 to 9.2.14 and 9.5 to 9.5.9 have a vulnerability that stores sensitive information in URL parameters. This could expose confidential data to unauthorized individuals if they can gain access to the URLs through server logs, referrer headers, or even browser history. Organizations using these affected versions should take immediate measures to protect sensitive information from being disclosed inadvertently.

Affected Version(s)

BigFix Platform 9.5.9

BigFix Platform 9.2.0

BigFix Platform 9.2.14

References

https://www.ibm.com/support/docview.wss?uid=ibm10733605

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/140763

vdb-entryx_refsource_XF

CVSS V3.1

Score:

3.7

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 12, 2018
Vulnerability Reserved
Dec 13, 2017