CVE-2019-4061
5.3
CVSS:3.0/A:N/AC:L/AV:N/C:L/I:N/PR:N/S:U/UI:N/E:U/RC:C/RL:O
Summary
IBM BigFix Platform 9.2 and 9.5 could allow an attacker to query the relay remotely and gather information about the updates and fixlets deployed to the associated sites due to not enabling authenticated access. IBM X-Force ID: 156869.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| IBM | BigFix Platform | 9.2 | affected |
| IBM | BigFix Platform | 9.5 | affected |
Weaknesses
- Obtain Information
ADP Enrichment
CVE Program Container
Additional References
- https://exchange.xforce.ibmcloud.com/vulnerabilities/156869
- http://www.securityfocus.com/bid/107189
- http://www.ibm.com/support/docview.wss?uid=ibm10870242
- http://www.rapid7.com/db/modules/auxiliary/gather/ibm_bigfix_sites_packages_enum
References
- https://exchange.xforce.ibmcloud.com/vulnerabilities/156869
- http://www.securityfocus.com/bid/107189
- http://www.ibm.com/support/docview.wss?uid=ibm10870242
- http://www.rapid7.com/db/modules/auxiliary/gather/ibm_bigfix_sites_packages_enum
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.