Arbitrary File Upload Vulnerability in IBM BigFix Platform
CVE-2019-4013

9 CRITICAL

Key Information:

Vendor: IBM
CVE Published: 10 April 2019

Summary

The IBM BigFix Platform 9.5 contains a vulnerability that permits any authenticated user to perform arbitrary file uploads to any location on the server with root privileges. This poses a significant security risk as it enables potential code execution on the underlying system, which could be exploited by attackers to gain unauthorized control. It is essential for users of the affected version to apply patches and take necessary security measures to mitigate this vulnerability.

Affected Version(s)

BigFix Platform 9.5

CVSS V3.1

Score: 9
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
