Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ibm bigfix platform vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2019-4011
IBM BigFix Platform 9.2 and 9.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID:...
Ibm Bigfix Platform
3.7
CVSSv3
CVE-2018-1484
IBM BigFix Platform 9.2.0 up to and including 9.2.14 and 9.5 up to and including 9.5.9 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a si...
Ibm Bigfix Platform
4.3
CVSSv3
CVE-2018-1485
IBM BigFix Platform 9.2.0 up to and including 9.2.14 and 9.5 up to and including 9.5.9 does not renew a session variable after a successful authentication which could lead to session fixation/hijacking vulnerability. This could force a user to utilize a cookie that may be known t...
Ibm Bigfix Platform
7.8
CVSSv3
CVE-2017-1231
IBM BigFix Platform 9.5 - 9.5.9 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 123910.
Ibm Bigfix Platform
5.5
CVSSv3
CVE-2016-0292
WebReports in IBM BigFix Platform (formerly Tivoli Endpoint Manager) 9.x prior to 9.5.2 allows local users to discover the cleartext system password by reading a report.
Ibm Bigfix 9.0
Ibm Bigfix 9.2
Ibm Bigfix 9.5
Ibm Bigfix 9.1
5.9
CVSSv3
CVE-2016-0397
WebReports in IBM BigFix Platform (formerly Tivoli Endpoint Manager) 9.x prior to 9.5.2 allows remote malicious users to obtain sensitive information by sniffing the network for HTTP traffic.
Ibm Bigfix Webreports 9.5
Ibm Bigfix Webreports 9.0
Ibm Bigfix Webreports 9.1
Ibm Bigfix Webreports 9.2
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-36920
buffer overflow
CVE-2024-36913
CVE-2024-5497
CVE-2024-23917
CVE-2024-4956
server-side request forgery
CVE-2024-35468
SSTI
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5