Vulnerabilities > IBM > Bigfix Platform
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-12-12 | CVE-2018-1476 | Information Exposure vulnerability in IBM Bigfix Platform IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 discloses sensitive information to unauthorized users. | 7.5 |
| 2018-12-12 | CVE-2018-1474 | Injection vulnerability in IBM Bigfix Platform IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 is vulnerable to HTTP response splitting attacks, caused by improper validation of user-supplied input. | 4.7 |
| 2018-10-12 | CVE-2017-1231 | Insufficiently Protected Credentials vulnerability in IBM Bigfix Platform IBM BigFix Platform 9.5 - 9.5.9 stores user credentials in plain in clear text which can be read by a local user. | 7.8 |
| 2018-06-04 | CVE-2018-1600 | Cleartext Transmission of Sensitive Information vulnerability in IBM Bigfix Platform IBM BigFix Platform 9.2 and 9.5 transmits sensitive or security-critical data in clear text in a communication channel that can be sniffed by unauthorized actors. | 7.5 |
| 2018-04-27 | CVE-2018-1479 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Bigfix Platform IBM BigFix Platform 9.2 and 9.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 8.8 |
| 2018-04-27 | CVE-2018-1475 | Improper Restriction of Excessive Authentication Attempts vulnerability in IBM Bigfix Platform IBM BigFix Platform 9.2 and 9.5 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. | 9.8 |
| 2018-04-27 | CVE-2018-1473 | Cross-site Scripting vulnerability in IBM Bigfix Platform IBM BigFix Platform 9.2 and 9.5 is vulnerable to cross-site scripting. | 6.1 |
| 2018-02-28 | CVE-2016-0295 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Bigfix Platform Cross-site request forgery (CSRF) vulnerability in the IBM BigFix Platform 9.0, 9.1, 9.2, and 9.5 before 9.5.2 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. | 8.8 |
| 2018-02-28 | CVE-2016-0291 | OS Command Injection vulnerability in IBM Bigfix Platform IBM BigFix Platform 9.0, 9.1 before 9.1.8, and 9.2 before 9.2.8 allow remote authenticated users to execute arbitrary commands by leveraging report server access. | 8.8 |
| 2017-11-13 | CVE-2017-1229 | Information Exposure vulnerability in IBM Bigfix Platform 9.2/9.5 IBM Tivoli Endpoint Manager (IBM BigFix 9.2 and 9.5) could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. | 5.9 |