CyberSec.Space Logo
Back to CVE Browser

CVE-2019-4013

CRITICAL
9.0
CVSS Severity Score
EPSS Score0.1780%
EPSS Percentile26.51th
PublishedApr 10, 2019
Last ModifiedNov 21, 2024

Vulnerability Description

IBM BigFix Platform 9.5 could allow any authenticated user to upload any file to any location on the server with root privileges. This results in code execution on underlying system with root privileges. IBM X-Force ID: 155887.

Affected Platforms (CPE)

πŸ“¦
Ibm

Bigfix Platform

>= 9.5.0 and <= 9.5.11

References & Advisories

πŸ”— http://packetstormsecurity.com/files/154747/IBM-Bigfix-Platform-9.5.9.62-Arbitary-File-Upload-Code-Execution.html
πŸ”— http://www.ibm.com/support/docview.wss?uid=ibm10874666
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/155887
πŸ”— http://packetstormsecurity.com/files/154747/IBM-Bigfix-Platform-9.5.9.62-Arbitary-File-Upload-Code-Execution.html
πŸ”— http://www.ibm.com/support/docview.wss?uid=ibm10874666
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/155887

Related Vulnerabilities

CVE-2016-608210.0

IBM BigFix Platform could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free race conditi...

CVE-2018-14759.8

IBM BigFix Platform 9.2 and 9.5 uses an inadequate account lockout setting that could allow a remote attacker to brute force accou...

CVE-2018-14798.8

IBM BigFix Platform 9.2 and 9.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and...

CVE-2016-02918.8

IBM BigFix Platform 9.0, 9.1 before 9.1.8, and 9.2 before 9.2.8 allow remote authenticated users to execute arbitrary commands by ...