Vulnerabilities > IBM > Bigfix Platform > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-05-20 | CVE-2019-4058 | Improper Restriction of Rendered UI Layers or Frames vulnerability in IBM Bigfix Platform IBM BigFix Platform 9.2 and 9.5 could allow a low-privilege user to manipulate the UI into exposing interface elements and information normally restricted to administrators. | 6.5 |
| 2019-05-20 | CVE-2019-4011 | Cross-site Scripting vulnerability in IBM Bigfix Platform IBM BigFix Platform 9.2 and 9.5 is vulnerable to cross-site scripting. | 5.4 |
| 2019-02-27 | CVE-2019-4061 | Information Exposure vulnerability in IBM Bigfix Platform IBM BigFix Platform 9.2 and 9.5 could allow an attacker to query the relay remotely and gather information about the updates and fixlets deployed to the associated sites due to not enabling authenticated access. | 5.3 |
| 2018-12-12 | CVE-2018-1485 | Session Fixation vulnerability in IBM Bigfix Platform IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 does not renew a session variable after a successful authentication which could lead to session fixation/hijacking vulnerability. | 4.3 |
| 2018-12-12 | CVE-2018-1481 | Information Exposure vulnerability in IBM Bigfix Platform IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 stores sensitive information in URL parameters. | 5.3 |
| 2018-12-12 | CVE-2018-1480 | Session Fixation vulnerability in IBM Bigfix Platform IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 does not set the 'HttpOnly' attribute on authorization tokens or session cookies. | 5.3 |
| 2018-12-12 | CVE-2018-1478 | Improper Input Validation vulnerability in IBM Bigfix Platform IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 could allow a remote attacker to hijack the clicking action of the victim. | 6.1 |
| 2018-12-12 | CVE-2018-1474 | Injection vulnerability in IBM Bigfix Platform IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 is vulnerable to HTTP response splitting attacks, caused by improper validation of user-supplied input. | 4.7 |
| 2018-04-27 | CVE-2018-1473 | Cross-site Scripting vulnerability in IBM Bigfix Platform IBM BigFix Platform 9.2 and 9.5 is vulnerable to cross-site scripting. | 6.1 |
| 2017-11-13 | CVE-2017-1229 | Information Exposure vulnerability in IBM Bigfix Platform 9.2/9.5 IBM Tivoli Endpoint Manager (IBM BigFix 9.2 and 9.5) could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. | 5.9 |