Published: 10/04/2019 Updated: 07/10/2019

CVSS v2 Base Score: 9 | Impact Score: 10 | Exploitability Score: 8

CVSS v3 Base Score: 9.9 | Impact Score: 6 | Exploitability Score: 3.1

VMScore: 905

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

IBM BigFix Platform 9.5 could allow any authenticated user to upload any file to any location on the server with root privileges. This results in code execution on underlying system with root privileges. IBM X-Force ID: 155887.

Vulnerable Product	Search on Vulmon	Subscribe to Product
ibm bigfix platform

# Exploit Title: IBM Bigfix Platform 95962 - Arbitrary File Upload # Date: 2018-12-11 # Exploit Authors: Jakub Palaczynski # Vendor Homepage: wwwibmcom/ # Version: IBM Bigfix Platform <= 95962 # CVE: CVE-2019-4013 Description: ============ Any authenticated (even unprivileged) user can upload any file to any location on the se ...

IBM Bigfix Platform version 95962 suffers from an arbitrary file upload vulnerability as root that can achieve remote code execution ...

CWE-434 https://exchange.xforce.ibmcloud.com/vulnerabilities/155887 http://www.ibm.com/support/docview.wss?uid=ibm10874666 http://packetstormsecurity.com/files/154747/IBM-Bigfix-Platform-9.5.9.62-Arbitary-File-Upload-Code-Execution.html https://nvd.nist.gov https://www.exploit-db.com/exploits/47470

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2019-4013

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect