Vulnerabilities > IBM > Bigfix Platform > 9.5
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-07-19 | CVE-2017-1218 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Bigfix Platform IBM Tivoli Endpoint Manager is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 8.8 |
| 2017-07-19 | CVE-2017-1203 | Cross-site Scripting vulnerability in IBM Bigfix Platform IBM Tivoli Endpoint Manager (for Lifecycle/Power/Patch) Platform and Applications is vulnerable to cross-site scripting. | 6.1 |
| 2017-02-08 | CVE-2016-0214 | Improper Access Control vulnerability in IBM Bigfix Platform IBM Tivoli Endpoint Manager could allow a remote attacker to upload arbitrary files. | 7.8 |
| 2017-02-01 | CVE-2016-6085 | Improper Access Control vulnerability in IBM Bigfix Platform IBM BigFix Platform could allow an attacker on the local network to crash the BES and relay servers. | 6.5 |
| 2017-02-01 | CVE-2016-6082 | Use After Free vulnerability in IBM Bigfix Platform IBM BigFix Platform could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free race condition. | 10.0 |
| 2017-02-01 | CVE-2016-0396 | Command Injection vulnerability in IBM Bigfix Platform IBM Tivoli Endpoint Manager could allow a user under special circumstances to inject commands that would be executed with unnecessary higher privileges than expected. | 8.1 |
| 2017-02-01 | CVE-2016-0297 | Information Exposure vulnerability in IBM Bigfix Platform IBM Tivoli Endpoint Manager - Mobile Device Management (MDM) could allow a remote attacker to obtain sensitive information due to a missing HTTP Strict-Transport-Security Header through man in the middle techniques. | 3.7 |
| 2017-02-01 | CVE-2016-0296 | Information Exposure Through Log Files vulnerability in IBM Bigfix Platform IBM Tivoli Endpoint Manager - Mobile Device Management (MDM) stores potentially sensitive information in log files that could be available to a local user. | 3.3 |