IBM Security Bulletin: BigFix deployments with internet-facing relays that are not configured as authenticating are prone to security threats (CVE-2019-4061)
February 23, 2019
Categorized: Medium Severity
Internet-facing relays in a BigFix deployment might be configured as non-authenticating, which exposes the deployment to security risks. In this context, an attack might mean unauthorized access to the relays and to any content, actions, and download packages associated with them, or to the Relay Diagnostics page, which might contain sensitive information (for example: software, vulnerability information, and passwords).
CVE(s): CVE-2019-4061
Affected product(s) and affected version(s):
| Affected IBM BigFix Platform | Affected Versions |
| --- | --- |
| BigFix Platform | 9.5 – 9.5.11 |
| BigFix Platform | 9.2 – 9.2.16 |
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=ibm10870242
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/156869