Medium Severity

IBM Security Bulletin: BigFix deployments with internet-facing relays that are not configured as authenticating are prone to security threats (CVE-2019-4061)

Internet-facing relays, if any, in a BigFix deployment might be configured as non-authenticating, which exposes the deployment to security risks. In this context, an attack might mean unauthorized access to the relays and to any content, actions, and download packages associated with them, or to the Relay Diagnostics page, which might contain sensitive information (for example: software, vulnerability information, and passwords).

CVE(s): CVE-2019-4061

Affected product(s) and affected version(s):

Affected IBM BigFix Platform

Affected Versions
BigFix Platform 9.5 – 9.5.11
BigFix Platform 9.2 – 9.2.16

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=ibm10870242
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/156869
