Vulnerabilities > IBM > Bigfix Platform > 9.2.6
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-12-12 | CVE-2018-1474 | Injection vulnerability in IBM Bigfix Platform IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 is vulnerable to HTTP response splitting attacks, caused by improper validation of user-supplied input. | 4.7 |
| 2018-06-04 | CVE-2018-1600 | Cleartext Transmission of Sensitive Information vulnerability in IBM Bigfix Platform IBM BigFix Platform 9.2 and 9.5 transmits sensitive or security-critical data in clear text in a communication channel that can be sniffed by unauthorized actors. | 7.5 |
| 2018-04-27 | CVE-2018-1479 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Bigfix Platform IBM BigFix Platform 9.2 and 9.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 8.8 |
| 2018-04-27 | CVE-2018-1475 | Improper Restriction of Excessive Authentication Attempts vulnerability in IBM Bigfix Platform IBM BigFix Platform 9.2 and 9.5 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. | 9.8 |
| 2018-04-27 | CVE-2018-1473 | Cross-site Scripting vulnerability in IBM Bigfix Platform IBM BigFix Platform 9.2 and 9.5 is vulnerable to cross-site scripting. | 6.1 |
| 2018-02-28 | CVE-2016-0291 | OS Command Injection vulnerability in IBM Bigfix Platform IBM BigFix Platform 9.0, 9.1 before 9.1.8, and 9.2 before 9.2.8 allow remote authenticated users to execute arbitrary commands by leveraging report server access. | 8.8 |
| 2017-07-19 | CVE-2017-1224 | Inadequate Encryption Strength vulnerability in IBM Bigfix Platform IBM Tivoli Endpoint Manager uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 7.5 |
| 2017-07-19 | CVE-2017-1223 | Open Redirect vulnerability in IBM Bigfix Platform IBM Tivoli Endpoint Manager could allow a remote attacker to conduct phishing attacks, using an open redirect attack. | 6.1 |
| 2017-07-19 | CVE-2017-1219 | XXE vulnerability in IBM Bigfix Platform IBM Tivoli Endpoint Manager is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. | 6.5 |
| 2017-07-19 | CVE-2017-1218 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Bigfix Platform IBM Tivoli Endpoint Manager is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 8.8 |