Medium Severity

IBM Security Bulletin: BigFix deployments with internet-facing relays that are not configured as authenticating are prone to security threats (CVE-2019-4061)

Share this post:

Internet-facing relays, if any, in a BigFix deployment might be configured as non-authenticating, which exposes the deployment to security risks. Security attacks in this context might mean unauthorized access to the relays and any content or actions, and download packages associated with them or to the Relay Diagnostics page that might contain sensitive information (for example: software, vulnerability information, and passwords).

CVE(s): CVE-2019-4061

Affected product(s) and affected version(s):

Affected IBM BigFix Platform

Affected Versions
BigFix Platform 9.5 – 9.5.11
BigFix Platform 9.2 – 9.2.16

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=ibm10870242
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/156869

More stories

IBM Security Bulletin: Multiple vulnerabilities in Open Source Libreswan affect IBM Netezza Host Management

Aug 21, 2019 9:01 am EDT | Medium Severity

Open Source Libreswan is used by IBM Netezza Host Management. IBM Netezza Host Management has addressed the applicable CVEs. CVE(s): CVE-2019-12312, CVE-2019-10155 Affected product(s) and affected version(s): IBM Netezza Host Management 5.4.7.0 – 5.4.24.0 Refer to the following reference URLs for remediation and additional vulnerability details:Source Bulletin: http://www.ibm.com/support/docview.wss?uid=ibm10961690X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/161562X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/162652 ...read more


IBM Security Bulletin: Multiple vulnerabilities in Spring Framework affect IBM InfoSphere Information Server

Aug 21, 2019 9:01 am EDT | Medium Severity

Multiple vulnerabilities in Spring Framework were addressed by IBM InfoSphere Information Server. CVE(s): CVE-2015-5211, CVE-2015-3192 Affected product(s) and affected version(s):The following product, running on all supported platforms, is affected: IBM InfoSphere Information Server : versions 11.7 Refer to the following reference URLs for remediation and additional vulnerability details:Source Bulletin: http://www.ibm.com/support/docview.wss?uid=ibm10887121X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/130673X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/115554 ...read more


IBM Security Bulletin: Vulnerability in NTP affects AIX (CVE-2019-8936) Security Bulletin

Aug 20, 2019 9:01 am EDT | Medium Severity

There is a vulnerability in NTPv3 and NTPv4 that affects AIX. CVE(s): CVE-2019-8936 Affected product(s) and affected version(s):AIX 7.1, 7.2 VIOS 2.2, 3.1 The vulnerabilities in the following filesets are being addressed: key_fileset = aix For NTPv3: Fileset Lower Level Upper Level KEY PRODUCT(S) ——————————————————————— bos.net.tcp.client 6.1.9.0 6.1.9.404 key_w_fs NTPv3 bos.net.tcp.client 7.1.4.0 7.1.4.35 key_w_fs NTPv3 ...read more