Medium Severity

IBM Security Bulletin: BigFix deployments with internet-facing relays that are not configured as authenticating are prone to security threats (CVE-2019-4061)

Feb 23, 2019 9:01 am EDT

Categorized: Medium Severity

Share this post:

Internet-facing relays, if any, in a BigFix deployment might be configured as non-authenticating, which exposes the deployment to security risks. Security attacks in this context might mean unauthorized access to the relays and any content or actions, and download packages associated with them or to the Relay Diagnostics page that might contain sensitive information (for example: software, vulnerability information, and passwords).

CVE(s): CVE-2019-4061

Affected product(s) and affected version(s):

Affected IBM BigFix Platform

 Affected Versions
BigFix Platform 9.5 – 9.5.11
BigFix Platform 9.2 – 9.2.16

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=ibm10870242
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/156869


Previous Post

IBM Security Bulletin: Multiple vulnerabilities affect IBM Cloud Object Storage SDK Java (Feb 2019)

Next Post

IBM Security Bulletin: Vulnerability in DHCP affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products (CVE-2018-5732)
More stories

IBM Security Bulletin: Vulnerability in strongswan affects QLogic 8Gb Intelligent Pass-thru Module and SAN Switch Module for IBM BladeCenter

Jun 16, 2019 9:01 am EDT | Medium Severity

The following vulnerability in strongswan has been addressed by QLogic 8Gb Intelligent Pass-thru Module and SAN Switch Module for IBM BladeCenter: CVE(s): CVE-2018-10811 Affected product(s) and affected version(s): Product Affected Version QLogic 8Gb Intelligent Pass-thru Module and SAN Switch Module for IBM BladeCenter Firmware Update 7.10 Refer to the following reference URLs for remediation and ...read more

IBM Security Bulletin: Vulnerabilities in OpenSSL and strongswan affect IBM Flex System FC3171 8Gb SAN Switch & SAN Pass-thru

Jun 16, 2019 9:00 am EDT | Medium Severity

The following vulnerabilities in OpenSSL and strongswan have been addressed by IBM Flex System FC3171 8Gb SAN Switch & SAN Pass-thru. CVE(s): CVE-2018-0739, CVE-2018-10811 Affected product(s) and affected version(s): Product Affected Version IBM Flex System FC3171 8Gb SAN Switch and IBM Flex System FC3171 8Gb SAN Pass-thru Firmware Update 9.1 Refer to the following reference ...read more

IBM Security Bulletin: IBM Cloud Private Platform-UI is vulnerable to a cross-site request forgery attack (CVE-2019-4142)

Jun 15, 2019 9:00 am EDT | Medium Severity

IBM Cloud Private Platform-UI is vulnerable to a cross-site request forgery attack CVE(s): CVE-2019-4142 Affected product(s) and affected version(s):IBM Cloud Private 2.1.x, 3.1.0, 3.1.1, 3.1.2 Refer to the following reference URLs for remediation and additional vulnerability details:Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=ibm10885434X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/158338 ...read more