CVE-2019-4013

9CRITICAL

Key Information:

Vendor: IBM
Status: Bigfix Platform
Vendor: CVE Published:; 10 April 2019

Summary

IBM BigFix Platform 9.5 could allow any authenticated user to upload any file to any location on the server with root privileges. This results in code execution on underlying system with root privileges. IBM X-Force ID: 155887.

Affected Version(s)

BigFix Platform 9.5

References

http://www.ibm.com/support/docview.wss?uid=ibm10874666

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/155887

vdb-entryx_refsource_XF

http://packetstormsecurity.com/files/154747/IBM-Bigfix-Pl...

x_refsource_MISC

CVSS V3.1

Score:

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Apr 10, 2019
Vulnerability Reserved
Jan 3, 2019