Medium Severity

IBM Security Bulletin: BigFix deployments with internet-facing relays that are not configured as authenticating are prone to security threats (CVE-2019-4061)

Feb 23, 2019 9:01 am EDT

Categorized: Medium Severity

Share this post:

Internet-facing relays, if any, in a BigFix deployment might be configured as non-authenticating, which exposes the deployment to security risks. Security attacks in this context might mean unauthorized access to the relays and any content or actions, and download packages associated with them or to the Relay Diagnostics page that might contain sensitive information (for example: software, vulnerability information, and passwords).

CVE(s): CVE-2019-4061

Affected product(s) and affected version(s):

Affected IBM BigFix Platform

 Affected Versions
BigFix Platform 9.5 – 9.5.11
BigFix Platform 9.2 – 9.2.16

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=ibm10870242
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/156869


Previous Post

IBM Security Bulletin: Multiple vulnerabilities affect IBM Cloud Object Storage SDK Java (Feb 2019)

Next Post

IBM Security Bulletin: Vulnerability in DHCP affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products (CVE-2018-5732)
More stories

IBM Security Bulletin: IBM Dynamic System Analysis (DSA) Preboot is affected by vulnerabilities in cURL (CVE-2018-16840 CVE-2018-16842)

Apr 24, 2019 9:01 am EDT | Medium Severity

IBM Dynamic System Analysis (DSA) Preboot has addressed the following vulnerabilities in cURL. CVE(s): CVE-2018-16840, CVE-2018-16842 Affected product(s) and affected version(s): Product Affected Version IBM Dynamic System Analysis (DSA) Preboot 9.6 Refer to the following reference URLs for remediation and additional vulnerability details:Source Bulletin: http://www.ibm.com/support/docview.wss?uid=ibm10882106X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/152299X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/152300 ...read more

IBM Security Bulletin: API Connect V5 is impacted by vulnerabilities in Bootstrap (CVE-2018-14040 CVE-2018-14041 CVE-2018-14042)

Apr 24, 2019 9:01 am EDT | Medium Severity

IBM API Connect has addressed the following vulnerability. CVE(s): CVE-2018-14042, CVE-2018-14041, CVE-2018-14040 Affected product(s) and affected version(s): Affected IBM API Management Affected Versions IBM API Connect 5.0.0.0-5.0.8.5 Refer to the following reference URLs for remediation and additional vulnerability details:Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=ibm10880955X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/146466X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/146467X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/146468 ...read more

IBM Security Bulletin: IBM InfoSphere Data Quality Exception Console is affected by a Reflected XSS (Cross-Site Scripting) vulnerability

Apr 24, 2019 9:01 am EDT | Medium Severity

A Reflected XSS (Cross-Site Scripting) vulnerability was addressed by IBM InfoSphere Data Quality Exception Console. CVE(s): CVE-2019-4238 Affected product(s) and affected version(s): The following products, running on all supported platforms, are affected: IBM InfoSphere Data Quality Exception Console: versions 11.3, 11.5, and 11.7 IBM InfoSphere Information Server on Cloud: version 11.5, and 11.7 Refer to ...read more