CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2019-4013

CVSS 9.0v3.0pub. 2019-04-10upd. 2024-11-21

IBM BigFix Platform 9.5 could allow any authenticated user to upload any file to any location on the server with root privileges. This results in code execution on underlying system with root privileges. IBM X-Force ID: 155887.

CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
  • IBM Bigfix Platform

    APP
    Ibm
    9.5.0 – 9.5.11
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
RCE
CWE
References

Related vulnerabilities

CVE-2018-1475CRITICAL9.8ten sam produkt

IBM BigFix Platform 9.2 and 9.5 uses an inadequate account lockout setting that could allow a remote attacker ...

CVE-2017-1221CRITICAL9.8ten sam produkt

IBM Tivoli Endpoint Manager (IBM BigFix 9.2 and 9.5) does not require that users should have strong passwords ...

CVE-2016-6082CRITICAL10.0ten sam produkt

IBM BigFix Platform could allow a remote attacker to execute arbitrary code on the system, caused by a use-aft...

CVE-2018-1600HIGH8.6ten sam produkt

IBM BigFix Platform 9.2 and 9.5 transmits sensitive or security-critical data in clear text in a communication...

CVE-2018-1479HIGH8.8ten sam produkt

IBM BigFix Platform 9.2 and 9.5 is vulnerable to cross-site request forgery which could allow an attacker to e...