Arbitrary File Upload Vulnerability in IBM BigFix Platform
CVE-2019-4013
9 CRITICAL
Summary
The IBM BigFix Platform 9.5 contains a vulnerability that permits any authenticated user to perform arbitrary file uploads to any location on the server with root privileges. This poses a significant security risk as it enables potential code execution on the underlying system, which could be exploited by attackers to gain unauthorized control. It is essential for users of the affected version to apply patches and take necessary security measures to mitigate this vulnerability.
Affected Version(s)
BigFix Platform 9.5
References
CVSS V3.1
Score: 9
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved