High Severity

IBM Security Bulletin: BigFix Platform 9.5.x affected by multiple vulnerabilities (CVE-2019-4013, CVE-2018-5407, CVE-2012-5883, CVE-2012-6708, CVE-2015-9251)


There are vulnerabilities in the OpenSSL, jQuery and YUI libraries used by BigFix, and a BigFix-specific vulnerability (CVE-2019-4013) that allows unauthorized file uploads to the BigFix server on Linux. All of these are addressed in BigFix Platform 9.5.12.

CVE(s): CVE-2019-4013, CVE-2018-5407, CVE-2012-5883, CVE-2012-6708, CVE-2015-9251

Affected product(s) and affected version(s):

Affected Product:  IBM BigFix Platform
Affected Versions: 9.5 through 9.5.11 (fixed in 9.5.12)

CVE-to-Component Breakdown

CVE             Affected Components
CVE-2019-4013   Server on Linux
CVE-2018-5407   All components
CVE-2012-5883   WebReports
CVE-2012-6708   WebReports
CVE-2015-9251   WebReports
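The breakdown above is easy to misapply across a large deployment, because BigFix reports four-part version strings and a naive string comparison ranks "9.5.9" above "9.5.11". The following added example (not IBM's code) encodes the affected range and the CVE-to-component table from this bulletin as a triage helper that flags hosts still inside 9.5 to 9.5.11 and lists which CVEs apply to each host's role. The inventory and version strings are constructed sample data, and the role names ("server-linux", "webreports", "relay", "server-windows") are this example's own labels, not BigFix terminology.

```python
"""Triage helper for the BigFix Platform 9.5.x bulletin (added example, not IBM's code).

Encodes the bulletin's affected range (9.5 through 9.5.11, fixed in 9.5.12) and its
CVE-to-component breakdown, then flags hosts in a constructed inventory.
"""
from typing import Dict, List, Tuple

# Affected range from the bulletin: >= 9.5.0 and < 9.5.12.
AFFECTED_MIN = (9, 5, 0)
FIXED_IN = (9, 5, 12)

# CVE-to-component breakdown from the bulletin. Role names are this example's own.
CVES_BY_COMPONENT: Dict[str, List[str]] = {
    "all": ["CVE-2018-5407"],                                       # OpenSSL, every component
    "server-linux": ["CVE-2019-4013"],                              # BigFix-specific unauthorized upload
    "webreports": ["CVE-2012-5883", "CVE-2012-6708", "CVE-2015-9251"],  # YUI and jQuery
}


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '9.5.11.191' into (9, 5, 11, 191), padding short forms like '9.5' to three parts.

    Integer tuples compare numerically, so 9.5.9 < 9.5.11 as intended; a plain string
    comparison would get that wrong.
    """
    parts = version.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {version!r}")
    parts += ["0"] * (3 - len(parts))
    return tuple(int(p) for p in parts)


def is_affected(version: str) -> bool:
    """True when the version falls in 9.5.0 .. 9.5.11 (anything below 9.5.12)."""
    return AFFECTED_MIN <= parse_version(version) < FIXED_IN


def applicable_cves(version: str, component: str) -> List[str]:
    """CVEs from the bulletin that apply to one host, given its version and role.

    Every affected host gets the OpenSSL CVE; server-linux and webreports roles
    additionally get their component-specific CVEs. Unknown roles get only the
    'all components' entry, which is the conservative reading of the table.
    """
    if not is_affected(version):
        return []
    cves = list(CVES_BY_COMPONENT["all"])
    cves += CVES_BY_COMPONENT.get(component.lower(), [])
    return cves


def triage(inventory: List[Tuple[str, str, str]]) -> Dict[str, List[str]]:
    """Map each still-vulnerable host name to the CVEs it is exposed to."""
    result: Dict[str, List[str]] = {}
    for host, version, component in inventory:
        cves = applicable_cves(version, component)
        if cves:
            result[host] = cves
    return result


# Constructed sample inventory: (hostname, BigFix version, role). Not real hosts.
INVENTORY = [
    ("bes-root01", "9.5.11.191", "server-linux"),
    ("bes-web01", "9.5.9.20", "webreports"),
    ("bes-relay02", "9.5.12.68", "relay"),        # already on the fixed release
    ("bes-root02", "9.5.11.191", "server-windows"),
]

if __name__ == "__main__":
    for host, cves in triage(INVENTORY).items():
        print(f"{host}: upgrade to 9.5.12 ({', '.join(cves)})")
```

Feed the helper whatever your asset inventory exports (hostname, reported version, role); any host it returns is one the bulletin says to move to 9.5.12.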

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=ibm10874666
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/155887
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/152484
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/80116
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/138055
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/138029
