Ibm: >> Bigfix Platform Security Vulnerabilities
IBM Tivoli Endpoint Manager (for Lifecycle/Power/Patch) Platform and Applications is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123678.
CVSS Score
6.1
EPSS Score
0.003
Published
2017-07-19
IBM Tivoli Endpoint Manager is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 123858.
CVSS Score
8.8
EPSS Score
0.001
Published
2017-07-19
IBM Tivoli Endpoint Manager is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 123859.
CVSS Score
6.5
EPSS Score
0.005
Published
2017-07-19
IBM Tivoli Endpoint Manager could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 123902.
CVSS Score
6.1
EPSS Score
0.002
Published
2017-07-19
IBM Tivoli Endpoint Manager uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 123903.
CVSS Score
7.5
EPSS Score
0.001
Published
2017-07-19
IBM Tivoli Endpoint Manager could allow a remote attacker to upload arbitrary files. A remote attacker could exploit this vulnerability to upload a malicious file. The only way that file would be executed would be through a phishing attack to trick an unsuspecting victim to execute the file.
CVSS Score
7.8
EPSS Score
0.005
Published
2017-02-08
IBM BigFix Platform could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free race condition. An attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Score
10.0
EPSS Score
0.06
Published
2017-02-01
IBM BigFix Platform could allow an attacker on the local network to crash the BES server using a specially crafted XMLSchema request.
CVSS Score
6.5
EPSS Score
0.002
Published
2017-02-01
IBM BigFix Platform could allow an attacker on the local network to crash the BES and relay servers.
CVSS Score
6.5
EPSS Score
0.002
Published
2017-02-01
IBM Tivoli Endpoint Manager - Mobile Device Management (MDM) stores potentially sensitive information in log files that could be available to a local user.
CVSS Score
3.3
EPSS Score
0.0
Published
2017-02-01