Vulnerabilities > IBM > Bigfix Platform
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-05-20 | CVE-2019-4058 | Improper Restriction of Rendered UI Layers or Frames vulnerability in IBM Bigfix Platform IBM BigFix Platform 9.2 and 9.5 could allow a low-privilege user to manipulate the UI into exposing interface elements and information normally restricted to administrators. | 6.5 |
| 2019-05-20 | CVE-2019-4011 | Cross-site Scripting vulnerability in IBM Bigfix Platform IBM BigFix Platform 9.2 and 9.5 is vulnerable to cross-site scripting. | 5.4 |
| 2019-05-20 | CVE-2018-2005 | Information Exposure vulnerability in IBM Bigfix Platform IBM BigFix Platform 9.2 and 9.5 stores potentially sensitive information in process memory that could be read by a local attacker with elevated permissions. | 3.3 |
| 2019-04-10 | CVE-2019-4013 | Unrestricted Upload of File with Dangerous Type vulnerability in IBM Bigfix Platform IBM BigFix Platform 9.5 could allow any authenticated user to upload any file to any location on the server with root privileges. | 9.9 |
| 2019-02-27 | CVE-2019-4061 | Information Exposure vulnerability in IBM Bigfix Platform IBM BigFix Platform 9.2 and 9.5 could allow an attacker to query the relay remotely and gather information about the updates and fixlets deployed to the associated sites due to not enabling authenticated access. | 5.3 |
| 2018-12-12 | CVE-2018-1485 | Session Fixation vulnerability in IBM Bigfix Platform IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 does not renew a session variable after a successful authentication which could lead to session fixation/hijacking vulnerability. | 4.3 |
| 2018-12-12 | CVE-2018-1484 | Session Fixation vulnerability in IBM Bigfix Platform IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 does not set the secure attribute on authorization tokens or session cookies. | 3.7 |
| 2018-12-12 | CVE-2018-1481 | Information Exposure vulnerability in IBM Bigfix Platform IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 stores sensitive information in URL parameters. | 5.3 |
| 2018-12-12 | CVE-2018-1480 | Session Fixation vulnerability in IBM Bigfix Platform IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 does not set the 'HttpOnly' attribute on authorization tokens or session cookies. | 5.3 |
| 2018-12-12 | CVE-2018-1478 | Improper Input Validation vulnerability in IBM Bigfix Platform IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 could allow a remote attacker to hijack the clicking action of the victim. | 6.1 |