Friday, May 17, 2019

IBM Security Bulletin: BigFix Platform 9.5.x / 9.2.x affected by multiple vulnerabilities (CVE-2018-16839, CVE-2018-16842, CVE-2018-16840, CVE-2019-3823, CVE-2019-3822, CVE-2018-16890, CVE-2019-4011, CVE-2018-2005, CVE-2019-4058, CVE-2019-1559)

There are vulnerabilities in the areas of cross-site scripting, sensitive information viewable in memory, a possible authorization bypass, and in OpenSSL and LibcURL libraries that are used by BigFix. These are addressed in the BigFix Platform 9.2.18 and 9.5.13 releases.

CVE(s): CVE-2018-16389, CVE-2018-16842, CVE-2018-16840, CVE-2019-3823, CVE-2019-3822, CVE-2018-16890, CVE-2019-4011, CVE-2018-2005, CVE-2019-4058, CVE-2019-1559

Affected product(s) and affected version(s):

CVE-to-Component Breakdown

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=ibm10881996
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/152298
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/152300
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/152299
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/156650
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/156651
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/156649
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/155885
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/155007
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/156570
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/157514

The post IBM Security Bulletin: BigFix Platform 9.5.x / 9.2.x affected by multiple vulnerabilities (CVE-2018-16839, CVE-2018-16842, CVE-2018-16840, CVE-2019-3823, CVE-2019-3822, CVE-2018-16890, CVE-2019-4011, CVE-2018-2005, CVE-2019-4058, CVE-2019-1559) appeared first on IBM PSIRT Blog.

CVEs

Affected Components
CVE-2018-16839, CVE-2018-16842, CVE-2018-16840, CVE-2015-3823, CVE-2019-3822, CVE-2018-16890 Any BigFix component except for the client uses libcurl.
CVE-2019-4011 Server
CVE-2018-2005 Console
CVE-2019-4058 Server
CVE-2019-1559 All

Affected IBM BigFix Platform

Affected Versions
BigFix Platform 9.2 – 9.2.17
BigFix Platform 9.5 – 9.5.12


from IBM Product Security Incident Response Team https://ibm.co/2YsA8Q2

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.