High Severity

IBM Security Bulletin: BigFix Platform 9.5.x / 9.2.x affected by multiple vulnerabilities (CVE-2018-16839, CVE-2018-16842, CVE-2018-16840, CVE-2019-3823, CVE-2019-3822, CVE-2018-16890, CVE-2019-4011, CVE-2018-2005, CVE-2019-4058, CVE-2019-1559)


BigFix Platform is affected by vulnerabilities involving cross-site scripting, sensitive information viewable in memory, and a possible authorization bypass, as well as vulnerabilities in the OpenSSL and libcurl libraries that BigFix uses. These are addressed in the BigFix Platform 9.2.18 and 9.5.13 releases.

CVE(s): CVE-2018-16839, CVE-2018-16842, CVE-2018-16840, CVE-2019-3823, CVE-2019-3822, CVE-2018-16890, CVE-2019-4011, CVE-2018-2005, CVE-2019-4058, CVE-2019-1559

Affected product(s) and affected version(s):

Affected IBM BigFix Platform: Affected Versions
BigFix Platform 9.2: 9.2 – 9.2.17
BigFix Platform 9.5: 9.5 – 9.5.12

CVE-to-Component Breakdown

CVEs: Affected Components
CVE-2018-16839, CVE-2018-16842, CVE-2018-16840, CVE-2019-3823, CVE-2019-3822, CVE-2018-16890: Any BigFix component except for the client uses libcurl.
CVE-2019-4011: Server
CVE-2018-2005: Console
CVE-2019-4058: Server
CVE-2019-1559: All
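
An added example (not IBM's code or tooling) that applies the affected-version ranges and the component breakdown above to a deployment inventory, so each host is listed with the CVEs from this bulletin that remain open on it. The inventory rows, the build suffixes and the "Relay" component name are constructed; release lines the bulletin does not list are simply not matched.

```python
# Added triage example. Version ranges and the CVE-to-component mapping come from
# this bulletin; the inventory rows and the "Relay" component name are constructed.
LIBCURL_CVES = ["CVE-2018-16839", "CVE-2018-16842", "CVE-2018-16840",
                "CVE-2019-3823", "CVE-2019-3822", "CVE-2018-16890"]
COMPONENT_CVES = {"server": ["CVE-2019-4011", "CVE-2019-4058"],
                  "console": ["CVE-2018-2005"]}
ALL_COMPONENT_CVES = ["CVE-2019-1559"]
# Release line -> first fixed patch level (9.2.18 and 9.5.13 per the bulletin).
FIRST_FIXED = {(9, 2): 18, (9, 5): 13}

def parse_version(text):
    """Turn '9.5.12' or '9.5.12.68' into a tuple of ints; a missing patch level is 0."""
    parts = [int(p) for p in text.strip().split(".")]
    if len(parts) < 2:
        raise ValueError(f"not a BigFix version: {text!r}")
    return tuple(parts + [0] * (3 - len(parts)))

def is_affected(version):
    """True if the version falls in 9.2 - 9.2.17 or 9.5 - 9.5.12.

    Release lines the bulletin does not list return False (not covered here).
    """
    v = parse_version(version)
    fixed = FIRST_FIXED.get(v[:2])
    return fixed is not None and v[2] < fixed

def applicable_cves(component, version):
    """CVEs from this bulletin that apply to one installed component."""
    if not is_affected(version):
        return []
    component = component.strip().lower()
    cves = list(ALL_COMPONENT_CVES)
    if component != "client":  # libcurl CVEs: every component except the client
        cves += LIBCURL_CVES
    cves += COMPONENT_CVES.get(component, [])
    return sorted(cves)

def triage(inventory):
    """Map host -> open CVEs for (host, component, version) rows; clean hosts are omitted."""
    report = {h: applicable_cves(c, v) for h, c, v in inventory}
    return {h: cves for h, cves in report.items() if cves}

if __name__ == "__main__":
    # Constructed inventory: (host, component, version)
    sample = [("bes-root", "Server", "9.5.12.68"), ("ws-017", "Client", "9.2.17"),
              ("relay-3", "Relay", "9.5.13.130"), ("ops-con", "Console", "9.2.9")]
    for host, cves in triage(sample).items():
        print(host, len(cves), ", ".join(cves))
```
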

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=ibm10881996
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/152298
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/152300
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/152299
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/156650
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/156651
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/156649
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/155885
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/155007
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/156570
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/157514
