High Severity

IBM Security Bulletin: BigFix Platform 9.5.x / 9.2.x affected by multiple vulnerabilities (CVE-2018-16839, CVE-2018-16842, CVE-2018-16840, CVE-2019-3823, CVE-2019-3822, CVE-2018-16890, CVE-2019-4011, CVE-2018-2005, CVE-2019-4058, CVE-2019-1559)


The BigFix Platform is affected by vulnerabilities involving cross-site scripting, sensitive information viewable in memory, and a possible authorization bypass, as well as vulnerabilities in the OpenSSL and libcurl libraries that are used by BigFix. These are addressed in the BigFix Platform 9.2.18 and 9.5.13 releases.

CVE(s): CVE-2018-16839, CVE-2018-16842, CVE-2018-16840, CVE-2019-3823, CVE-2019-3822, CVE-2018-16890, CVE-2019-4011, CVE-2018-2005, CVE-2019-4058, CVE-2019-1559

Affected product(s) and affected version(s):

Affected IBM BigFix Platform

Affected Versions
BigFix Platform 9.2 – 9.2.17
BigFix Platform 9.5 – 9.5.12

CVE-to-Component Breakdown

CVEs | Affected Components
CVE-2018-16839, CVE-2018-16842, CVE-2018-16840, CVE-2019-3823, CVE-2019-3822, CVE-2018-16890 | Any BigFix component except for the client uses libcurl.
CVE-2019-4011 | Server
CVE-2018-2005 | Console
CVE-2019-4058 | Server
CVE-2019-1559 | All

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=ibm10881996
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/152298
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/152300
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/152299
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/156650
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/156651
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/156649
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/155885
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/155007
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/156570
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/157514
