Ibm: >> Bigfix Platform >> 9.1.7 Security Vulnerabilities
IBM BigFix Platform 9.0, 9.1 before 9.1.8, and 9.2 before 9.2.8 allow remote authenticated users to execute arbitrary commands by leveraging report server access. IBM X-Force ID: 111302.
CVSS Score
8.8
EPSS Score
0.052
Published
2018-02-28
IBM Tivoli Endpoint Manager (for Lifecycle/Power/Patch) Platform and Applications is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123678.
CVSS Score
6.1
EPSS Score
0.003
Published
2017-07-19
IBM Tivoli Endpoint Manager is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 123859.
CVSS Score
6.5
EPSS Score
0.005
Published
2017-07-19
Cross-site scripting (XSS) vulnerability in IBM BigFix Platform (formerly Tivoli Endpoint Manager) 9.x before 9.1.8 and 9.2.x before 9.2.8 allows remote attackers to inject arbitrary web script or HTML via a modified .beswrpt file.
CVSS Score
6.1
EPSS Score
0.002
Published
2016-09-01
Cross-site scripting (XSS) vulnerability in IBM BigFix Platform 9.x before 9.1.8 and 9.2.x before 9.2.7 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
CVSS Score
5.4
EPSS Score
0.002
Published
2016-07-15