Medium Severity

IBM Security Bulletin: BigFix deployments with internet-facing relays that are not configured as authenticating are prone to security threats (CVE-2019-4061)


Internet-facing relays, if any, in a BigFix deployment might be configured as non-authenticating, which exposes the deployment to security risks. In this context, an attack might mean unauthorized access to the relays and to any content, actions, and download packages associated with them, or to the Relay Diagnostics page that might contain sensitive information (for example: software, vulnerability information, and passwords).

CVE(s): CVE-2019-4061

Affected product(s) and affected version(s):

Affected IBM BigFix Platform versions:
BigFix Platform 9.5 – 9.5.11
BigFix Platform 9.2 – 9.2.16

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=ibm10870242
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/156869
