Arbitrary File Upload Vulnerability in IBM BigFix Platform
CVE-2019-4013

9CRITICAL

Key Information:

Vendor
IBM
Status
Bigfix Platform
Vendor
CVE Published:
10 April 2019

Summary

The IBM BigFix Platform 9.5 contains a vulnerability that permits any authenticated user to perform arbitrary file uploads to any location on the server with root privileges. This poses a significant security risk as it enables potential code execution on the underlying system, which could be exploited by attackers to gain unauthorized control. It is essential for users of the affected version to apply patches and take necessary security measures to mitigate this vulnerability.

Affected Version(s)

BigFix Platform 9.5

References

http://www.ibm.com/support/docview.wss?uid=ibm10874666
x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/155887
vdb-entryx_refsource_XF
http://packetstormsecurity.com/files/154747/IBM-Bigfix-Pl...
x_refsource_MISC

EPSS Score

13% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
9
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.