CyberSec.Space Logo
Back to CVE Browser

CVE-2018-1475

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0390%
EPSS Percentile33.49th
PublishedApr 27, 2018
Last ModifiedNov 21, 2024

Vulnerability Description

IBM BigFix Platform 9.2 and 9.5 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 140756.

Affected Platforms (CPE)

πŸ“¦
Ibm

Bigfix Platform

>= 9.2 and <= 9.2.13
πŸ“¦
Ibm

Bigfix Platform

>= 9.5 and <= 9.5.8

References & Advisories

πŸ”— http://www.ibm.com/support/docview.wss?uid=swg22015754
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/140756
πŸ”— http://www.ibm.com/support/docview.wss?uid=swg22015754
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/140756

Related Vulnerabilities

CVE-2016-608210.0

IBM BigFix Platform could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free race conditi...

CVE-2019-40139.0

IBM BigFix Platform 9.5 could allow any authenticated user to upload any file to any location on the server with root privileges. ...

CVE-2018-14798.8

IBM BigFix Platform 9.2 and 9.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and...

CVE-2016-02918.8

IBM BigFix Platform 9.0, 9.1 before 9.1.8, and 9.2 before 9.2.8 allow remote authenticated users to execute arbitrary commands by ...