Vulnerabilities > IBM > Bigfix Platform > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-02-01 | CVE-2016-6085 | Improper Access Control vulnerability in IBM Bigfix Platform IBM BigFix Platform could allow an attacker on the local network to crash the BES and relay servers. | 6.5 |
| 2017-02-01 | CVE-2016-6084 | Improper Input Validation vulnerability in IBM Bigfix Platform 9.0/9.1 IBM BigFix Platform could allow an attacker on the local network to crash the BES server using a specially crafted XMLSchema request. | 6.5 |
| 2016-09-01 | CVE-2016-0293 | Cross-site Scripting vulnerability in IBM Bigfix Platform Cross-site scripting (XSS) vulnerability in IBM BigFix Platform (formerly Tivoli Endpoint Manager) 9.x before 9.1.8 and 9.2.x before 9.2.8 allows remote attackers to inject arbitrary web script or HTML via a modified .beswrpt file. | 6.1 |
| 2016-07-15 | CVE-2016-0269 | Cross-site Scripting vulnerability in IBM Bigfix Platform Cross-site scripting (XSS) vulnerability in IBM BigFix Platform 9.x before 9.1.8 and 9.2.x before 9.2.7 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | 5.4 |