Ibm: >> Bigfix Platform >> 9.2 Security Vulnerabilities
IBM Tivoli Endpoint Manager (for Lifecycle/Power/Patch) Platform and Applications (IBM BigFix Platform 9.2 and 9.5) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 129831.
CVSS Score
6.1
EPSS Score
0.003
Published
2017-10-26
IBM Tivoli Endpoint Manager could allow a unauthorized user to consume all resources and crash the system. IBM X-Force ID: 123906.
CVSS Score
7.5
EPSS Score
0.003
Published
2017-07-31
IBM Tivoli Endpoint Manager (for Lifecycle/Power/Patch) Platform and Applications is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123678.
CVSS Score
6.1
EPSS Score
0.003
Published
2017-07-19
IBM Tivoli Endpoint Manager is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 123859.
CVSS Score
6.5
EPSS Score
0.005
Published
2017-07-19
IBM Tivoli Endpoint Manager could allow a remote attacker to upload arbitrary files. A remote attacker could exploit this vulnerability to upload a malicious file. The only way that file would be executed would be through a phishing attack to trick an unsuspecting victim to execute the file.
CVSS Score
7.8
EPSS Score
0.005
Published
2017-02-08
IBM BigFix Platform could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free race condition. An attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Score
10.0
EPSS Score
0.06
Published
2017-02-01
IBM BigFix Platform could allow an attacker on the local network to crash the BES and relay servers.
CVSS Score
6.5
EPSS Score
0.002
Published
2017-02-01
IBM Tivoli Endpoint Manager - Mobile Device Management (MDM) stores potentially sensitive information in log files that could be available to a local user.
CVSS Score
3.3
EPSS Score
0.0
Published
2017-02-01
IBM Tivoli Endpoint Manager - Mobile Device Management (MDM) could allow a remote attacker to obtain sensitive information due to a missing HTTP Strict-Transport-Security Header through man in the middle techniques.
CVSS Score
3.7
EPSS Score
0.002
Published
2017-02-01
IBM Tivoli Endpoint Manager could allow a user under special circumstances to inject commands that would be executed with unnecessary higher privileges than expected.
CVSS Score
8.1
EPSS Score
0.005
Published
2017-02-01