CVE-2019-4013
9
CVSS:3.0/AC:L/C:H/UI:R/A:H/I:H/PR:L/S:C/AV:N/RC:C/RL:O/E:U
Summary
IBM BigFix Platform 9.5 could allow any authenticated user to upload any file to any location on the server with root privileges. This results in code execution on underlying system with root privileges. IBM X-Force ID: 155887.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| IBM | BigFix Platform | 9.5 | affected |
Weaknesses
- Gain Privileges
ADP Enrichment
CVE Program Container
Additional References
- http://www.ibm.com/support/docview.wss?uid=ibm10874666
- https://exchange.xforce.ibmcloud.com/vulnerabilities/155887
- http://packetstormsecurity.com/files/154747/IBM-Bigfix-Platform-9.5.9.62-Arbitary-File-Upload-Code-Execution.html
References
- http://www.ibm.com/support/docview.wss?uid=ibm10874666
- https://exchange.xforce.ibmcloud.com/vulnerabilities/155887
- http://packetstormsecurity.com/files/154747/IBM-Bigfix-Platform-9.5.9.62-Arbitary-File-Upload-Code-Execution.html
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.