Every CVE whose affected-product data names Ibm Bigfix Platform, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (44)
CVE-2016-6082 — CVSS 10.0 (critical): IBM BigFix Platform could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free race condition. An…
CVE-2017-1221 — CVSS 9.8 (critical): IBM Tivoli Endpoint Manager (IBM BigFix 9.2 and 9.5) does not require that users should have strong passwords by default, which makes it…
CVE-2018-1475 — CVSS 9.8 (critical): IBM BigFix Platform 9.2 and 9.5 uses an inadequate account lockout setting that could allow a remote attacker to brute force account…
CVE-2019-4013 — CVSS 9.0 (critical): IBM BigFix Platform 9.5 could allow any authenticated user to upload any file to any location on the server with root privileges. This…
CVE-2017-1218 — CVSS 8.8 (high): IBM Tivoli Endpoint Manager is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized…
CVE-2016-0295 — CVSS 8.8 (high): Cross-site request forgery (CSRF) vulnerability in the IBM BigFix Platform 9.0, 9.1, 9.2, and 9.5 before 9.5.2 allows remote attackers to…
CVE-2018-1479 — CVSS 8.8 (high): IBM BigFix Platform 9.2 and 9.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and…
CVE-2016-0291 — CVSS 8.8 (high): IBM BigFix Platform 9.0, 9.1 before 9.1.8, and 9.2 before 9.2.8 allow remote authenticated users to execute arbitrary commands by…
CVE-2018-1600 — CVSS 8.6 (high): IBM BigFix Platform 9.2 and 9.5 transmits sensitive or security-critical data in clear text in a communication channel that can be sniffed…
CVE-2016-0396 — CVSS 8.1 (high): IBM Tivoli Endpoint Manager could allow a user under special circumstances to inject commands that would be executed with unnecessary…
CVE-2016-0214 — CVSS 7.8 (high): IBM Tivoli Endpoint Manager could allow a remote attacker to upload arbitrary files. A remote attacker could exploit this vulnerability to…
CVE-2017-1224 — CVSS 7.5 (high): IBM Tivoli Endpoint Manager uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive…
CVE-2017-1227 — CVSS 7.5 (high): IBM Tivoli Endpoint Manager could allow a unauthorized user to consume all resources and crash the system. IBM X-Force ID: 123906.
CVE-2016-6085 — CVSS 6.5 (medium): IBM BigFix Platform could allow an attacker on the local network to crash the BES and relay servers.
CVE-2016-6084 — CVSS 6.5 (medium): IBM BigFix Platform could allow an attacker on the local network to crash the BES server using a specially crafted XMLSchema request.
CVE-2017-1219 — CVSS 6.5 (medium): IBM Tivoli Endpoint Manager is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could…
CVE-2017-1222 — CVSS 6.5 (medium): IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) does not perform an authentication check for a critical resource or…
CVE-2019-4058 — CVSS 6.5 (medium): IBM BigFix Platform 9.2 and 9.5 could allow a low-privilege user to manipulate the UI into exposing interface elements and information…
CVE-2018-1474 — CVSS 6.1 (medium): IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 is vulnerable to HTTP response splitting attacks, caused by improper…
CVE-2016-0293 — CVSS 6.1 (medium): Cross-site scripting (XSS) vulnerability in IBM BigFix Platform (formerly Tivoli Endpoint Manager) 9.x before 9.1.8 and 9.2.x before 9.2.8…
CVE-2017-1203 — CVSS 6.1 (medium): IBM Tivoli Endpoint Manager (for Lifecycle/Power/Patch) Platform and Applications is vulnerable to cross-site scripting. This vulnerability…
CVE-2018-1478 — CVSS 6.1 (medium): IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 could allow a remote attacker to hijack the clicking action of the victim…
CVE-2017-1223 — CVSS 6.1 (medium): IBM Tivoli Endpoint Manager could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a…
CVE-2017-1521 — CVSS 6.1 (medium): IBM Tivoli Endpoint Manager (for Lifecycle/Power/Patch) Platform and Applications (IBM BigFix Platform 9.2 and 9.5) is vulnerable to…
CVE-2018-1473 — CVSS 6.1 (medium): IBM BigFix Platform 9.2 and 9.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code…
CVE-2017-1229 — CVSS 5.9 (medium): IBM Tivoli Endpoint Manager (IBM BigFix 9.2 and 9.5) could allow a remote attacker to obtain sensitive information, caused by the failure…
CVE-2017-1232 — CVSS 5.9 (medium): IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) transmits sensitive or security-critical data in cleartext in a communication…
CVE-2019-4011 — CVSS 5.4 (medium): IBM BigFix Platform 9.2 and 9.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code…
CVE-2016-0269 — CVSS 5.4 (medium): Cross-site scripting (XSS) vulnerability in IBM BigFix Platform 9.x before 9.1.8 and 9.2.x before 9.2.7 allows remote authenticated users…
CVE-2018-1476 — CVSS 5.3 (medium): IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 discloses sensitive information to unauthorized users. The information can…
CVE-2017-1225 — CVSS 5.3 (medium): IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) stores sensitive information in URL parameters. This may lead to information…
CVE-2017-1230 — CVSS 5.3 (medium): IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) uses insufficiently random numbers or values in a security context that…
CVE-2017-1220 — CVSS 5.3 (medium): IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) discloses sensitive information to unauthorized users. The information can be…
CVE-2019-4061 — CVSS 5.3 (medium): IBM BigFix Platform 9.2 and 9.5 could allow an attacker to query the relay remotely and gather information about the updates and fixlets…
CVE-2017-1231 — CVSS 4.4 (medium): IBM BigFix Platform 9.5 - 9.5.9 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 123910.
CVE-2017-1226 — CVSS 4.3 (medium): IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) generates an error message in error logs that includes sensitive information…
CVE-2018-1480 — CVSS 4.0 (medium): IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 does not set the 'HttpOnly' attribute on authorization tokens or session…
CVE-2017-1228 — CVSS 3.7 (low): IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) could allow a remote attacker to obtain sensitive information, caused by the…
CVE-2016-0297 — CVSS 3.7 (low): IBM Tivoli Endpoint Manager - Mobile Device Management (MDM) could allow a remote attacker to obtain sensitive information due to a missing…
CVE-2018-1481 — CVSS 3.7 (low): IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 stores sensitive information in URL parameters. This may lead to information…
CVE-2018-1484 — CVSS 3.7 (low): IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 does not set the secure attribute on authorization tokens or session…
CVE-2016-0296 — CVSS 3.3 (low): IBM Tivoli Endpoint Manager - Mobile Device Management (MDM) stores potentially sensitive information in log files that could be available…
CVE-2018-2005 — CVSS 3.3 (low): IBM BigFix Platform 9.2 and 9.5 stores potentially sensitive information in process memory that could be read by a local attacker with…
CVE-2018-1485 — CVSS 3.1 (low): IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 does not renew a session variable after a successful authentication which…