CVE-2019-4013

IBM BigFix Platform 9.5 could allow any authenticated user to upload any file to any location on the server with root privileges. This results in code execution on underlying system with root privileges. IBM X-Force ID: 155887.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9 CRITICAL
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
ibmCNA
9 CRITICAL
NETWORK
LOW
LOW
CVSS:3.0/AC:L/C:H/UI:R/A:H/I:H/PR:L/S:C/AV:N/RC:C/RL:O/E:U
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 93%
VendorProductVersion
ibmbigfix_platform
9.5.0 ≤
𝑥
≤ 9.5.11
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://packetstormsecurity.com/files/154747/IBM-Bigfix-Platform-9.5.9.62-Arbitary-File-Upload-Code-Execution.html
http://www.ibm.com/support/docview.wss?uid=ibm10874666
https://exchange.xforce.ibmcloud.com/vulnerabilities/155887
http://packetstormsecurity.com/files/154747/IBM-Bigfix-Platform-9.5.9.62-Arbitary-File-Upload-Code-Execution.html
http://www.ibm.com/support/docview.wss?uid=ibm10874666
https://exchange.xforce.ibmcloud.com/vulnerabilities/155887