Vulnerability CVE-2019-4061


Published: 2019-02-27   Modified: 2019-02-28

Description:
IBM BigFix Platform 9.2 and 9.5 could allow an attacker to query the relay remotely and gather information about the updates and fixlets deployed to the associated sites due to not enabling authenticated access. IBM X-Force ID: 156869.

Type:

CWE-287

(Improper Authentication)

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5/10
2.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
None
None
Affected software
IBM -> Bigfix platform 

 References:
http://www.ibm.com/support/docview.wss?uid=ibm10870242
http://www.rapid7.com/db/modules/auxiliary/gather/ibm_bigfix_sites_packages_enum
http://www.securityfocus.com/bid/107189
https://exchange.xforce.ibmcloud.com/vulnerabilities/156869

Copyright 2024, cxsecurity.com

 

Back to Top