Vulnerabilities > IBM > Bigfix Platform > 9.1.4

DATE CVE VULNERABILITY TITLE RISK
2018-02-28 CVE-2016-0291 OS Command Injection vulnerability in IBM Bigfix Platform
IBM BigFix Platform 9.0, 9.1 before 9.1.8, and 9.2 before 9.2.8 allow remote authenticated users to execute arbitrary commands by leveraging report server access.
network
low complexity
ibm CWE-78
critical
 9.0
9.0
2017-07-19 CVE-2017-1219 XXE vulnerability in IBM Bigfix Platform
IBM Tivoli Endpoint Manager is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data.
network
low complexity
ibm CWE-611
5.5
5.5
2017-07-19 CVE-2017-1203 Cross-site Scripting vulnerability in IBM Bigfix Platform
IBM Tivoli Endpoint Manager (for Lifecycle/Power/Patch) Platform and Applications is vulnerable to cross-site scripting.
network
ibm CWE-79
4.3
4.3
2016-09-01 CVE-2016-0293 Cross-site Scripting vulnerability in IBM Bigfix Platform
Cross-site scripting (XSS) vulnerability in IBM BigFix Platform (formerly Tivoli Endpoint Manager) 9.x before 9.1.8 and 9.2.x before 9.2.8 allows remote attackers to inject arbitrary web script or HTML via a modified .beswrpt file.
network
ibm CWE-79
4.3
4.3
2016-07-15 CVE-2016-0269 Cross-site Scripting vulnerability in IBM Bigfix Platform
Cross-site scripting (XSS) vulnerability in IBM BigFix Platform 9.x before 9.1.8 and 9.2.x before 9.2.7 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
network
ibm CWE-79
3.5
3.5