High Severity

IBM Security Bulletin: BigFix Platform 9.5.x affected by multiple vulnerabilities (CVE-2019-4013, CVE-2018-5407, CVE-2012-5883, CVE-2012-6708, CVE-2015-9251)


There are vulnerabilities in the OpenSSL, jQuery and YUI libraries used by BigFix, and a BigFix-specific vulnerability allowing unauthorized uploads. These are addressed in the BigFix Platform 9.5.12 releases.

CVE(s): CVE-2019-4013, CVE-2018-5407, CVE-2012-5883, CVE-2012-6708, CVE-2015-9251

Affected product(s) and affected version(s):

Affected IBM BigFix Platform

Affected Versions
BigFix Platform 9.5 – 9.5.11

CVE-to-Component Breakdown

CVEs            Affected Components
CVE-2019-4013   Server on Linux
CVE-2018-5407   All components
CVE-2012-5883   WebReports
CVE-2012-6708   WebReports
CVE-2015-9251   WebReports

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=ibm10874666
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/155887
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/152484
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/80116
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/138055
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/138029
