Internet-facing relays, if any, in a BigFix deployment might be configured as non-authenticating, which exposes the deployment to security risks. Security attacks in this context might mean unauthorized access to the relays and to any content, actions, and download packages associated with them, or to the Relay Diagnostics page, which might contain sensitive information (for example: software, vulnerability information, and passwords).
CVE(s): CVE-2019-4061
Affected product(s) and affected version(s):
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=ibm10870242
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/156869
The post IBM Security Bulletin: BigFix deployments with internet-facing relays that are not configured as authenticating are prone to security threats (CVE-2019-4061) appeared first on IBM PSIRT Blog.
Affected IBM BigFix Platform | Affected Versions
BigFix Platform | 9.5 – 9.5.11
BigFix Platform | 9.2 – 9.2.16
from IBM Product Security Incident Response Team https://ift.tt/2GHrqbT