Skip to main content

Bigfix Platform CVE-2016-0214

HIGH
Improper Access Control (CWE-284)
2017-02-08 psirt@us.ibm.com
7.8
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Feb 08, 2017 - 22:59 cve.org
HIGH 7.8

DescriptionCVE.org

IBM Tivoli Endpoint Manager could allow a remote attacker to upload arbitrary files. A remote attacker could exploit this vulnerability to upload a malicious file. The only way that file would be executed would be through a phishing attack to trick an unsuspecting victim to execute the file.

AnalysisAI

IBM Tivoli Endpoint Manager could allow a remote attacker to upload arbitrary files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Technical ContextAI

This vulnerability is classified under CWE-284. IBM Tivoli Endpoint Manager could allow a remote attacker to upload arbitrary files. A remote attacker could exploit this vulnerability to upload a malicious file. The only way that file would be executed would be through a phishing attack to trick an unsuspecting victim to execute the file. Affected products include: Ibm Bigfix Platform.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2019-4013 CRITICAL POC
9.9 Apr 10

IBM BigFix Platform 9.5 could allow any authenticated user to upload any file to any location on the server with root pr

CVE-2016-6082 CRITICAL
10.0 Feb 01

IBM BigFix Platform could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free ra

CVE-2017-1221 CRITICAL
9.8 Nov 13

IBM Tivoli Endpoint Manager (IBM BigFix 9.2 and 9.5) does not require that users should have strong passwords by default

CVE-2018-1475 CRITICAL
9.8 Apr 27

IBM BigFix Platform 9.2 and 9.5 uses an inadequate account lockout setting that could allow a remote attacker to brute f

CVE-2019-4061 MEDIUM POC
5.3 Feb 27

IBM BigFix Platform 9.2 and 9.5 could allow an attacker to query the relay remotely and gather information about the upd

CVE-2017-1218 HIGH
8.8 Jul 19

IBM Tivoli Endpoint Manager is vulnerable to cross-site request forgery which could allow an attacker to execute malicio

CVE-2024-23554 HIGH
8.8 May 18

Cross-Site Request Forgery (CSRF) on Session Token vulnerability that could potentially lead to Remote Code Execution (R

CVE-2023-37536 HIGH
8.8 Oct 11

An integer overflow in xerces-c++ 3.2.3 in BigFix Platform allows remote attackers to cause out-of-bound access via HTTP

CVE-2018-1479 HIGH
8.8 Apr 27

IBM BigFix Platform 9.2 and 9.5 is vulnerable to cross-site request forgery which could allow an attacker to execute mal

CVE-2016-0396 HIGH
8.1 Feb 01

IBM Tivoli Endpoint Manager could allow a user under special circumstances to inject commands that would be executed wit

CVE-2022-38659 HIGH
7.8 Dec 19

In specific scenarios, on Windows the operator credentials may be encrypted in a manner that is not completely machine-d

CVE-2017-1227 HIGH
7.5 Jul 31

IBM Tivoli Endpoint Manager could allow a unauthorized user to consume all resources and crash the system. Rated high se

Share

CVE-2016-0214 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy