Vulnerabilities > IBM > Bigfix Platform > 9.5.8
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-12-12 | CVE-2018-1476 | Information Exposure vulnerability in IBM Bigfix Platform IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 discloses sensitive information to unauthorized users. | 7.5 |
| 2018-12-12 | CVE-2018-1474 | Injection vulnerability in IBM Bigfix Platform IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 is vulnerable to HTTP response splitting attacks, caused by improper validation of user-supplied input. | 4.7 |
| 2018-10-12 | CVE-2017-1231 | Insufficiently Protected Credentials vulnerability in IBM Bigfix Platform IBM BigFix Platform 9.5 - 9.5.9 stores user credentials in plain in clear text which can be read by a local user. | 7.8 |
| 2018-06-04 | CVE-2018-1600 | Cleartext Transmission of Sensitive Information vulnerability in IBM Bigfix Platform IBM BigFix Platform 9.2 and 9.5 transmits sensitive or security-critical data in clear text in a communication channel that can be sniffed by unauthorized actors. | 7.5 |
| 2018-04-27 | CVE-2018-1479 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Bigfix Platform IBM BigFix Platform 9.2 and 9.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 8.8 |
| 2018-04-27 | CVE-2018-1475 | Improper Restriction of Excessive Authentication Attempts vulnerability in IBM Bigfix Platform IBM BigFix Platform 9.2 and 9.5 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. | 9.8 |
| 2018-04-27 | CVE-2018-1473 | Cross-site Scripting vulnerability in IBM Bigfix Platform IBM BigFix Platform 9.2 and 9.5 is vulnerable to cross-site scripting. | 6.1 |