IBM Security Bulletin: BigFix Platform 9.5.x / 9.2.x affected by multiple vulnerabilities (CVE-2018-1471, CVE-2018-1473, CVE-2018-1479, CVE-2018-1475)

Apr 26, 2018 9:00 am EDT

Categorized: High Severity

Share this post:

The BigFix Platform versions 9.2 and 9.5 are exhibiting vulnerabilities in the following categories: HTTPS authentication support, Clear text passwords over the internet, Cross site scripting, Cross site request forgery, improper restriction of excessive authentication attempts. These vulnerabilities have been addressed in patch releases 9.2.14 and 9.5.9 respectively.

CVE(s): CVE-2018-1471 , CVE-2018-1473 , CVE-2018-1479, CVE-2018-1475

Affected product(s) and affected version(s):

BigFix Platform Version 9.2, BigFix Platform Version 9.5 

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=swg22015754
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/140689
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/140691
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/140761
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/140756

from IBM Product Security Incident Response Team https://ift.tt/2r6TbRR