) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- Keyword (text search): cpe:2.3:a:ibm:bigfix_platform:9.2:*:*:*:*:*:*:*
- CPE Name Search: true
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2017-1220 |
IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 123860. Published: October 26, 2017; 5:29:00 PM -0400 |
V4.0:(not available) V3.0: 5.3 MEDIUM V2.0: 5.0 MEDIUM |
| CVE-2017-1227 |
IBM Tivoli Endpoint Manager could allow a unauthorized user to consume all resources and crash the system. IBM X-Force ID: 123906. Published: July 31, 2017; 5:29:00 PM -0400 |
V4.0:(not available) V3.0: 7.5 HIGH V2.0: 7.8 HIGH |
| CVE-2017-1219 |
IBM Tivoli Endpoint Manager is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 123859. Published: July 19, 2017; 4:29:00 PM -0400 |
V4.0:(not available) V3.0: 6.5 MEDIUM V2.0: 5.5 MEDIUM |
| CVE-2017-1203 |
IBM Tivoli Endpoint Manager (for Lifecycle/Power/Patch) Platform and Applications is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123678. Published: July 19, 2017; 4:29:00 PM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2016-0214 |
IBM Tivoli Endpoint Manager could allow a remote attacker to upload arbitrary files. A remote attacker could exploit this vulnerability to upload a malicious file. The only way that file would be executed would be through a phishing attack to trick an unsuspecting victim to execute the file. Published: February 08, 2017; 5:59:00 PM -0500 |
V4.0:(not available) V3.0: 7.8 HIGH V2.0: 6.8 MEDIUM |
| CVE-2016-6085 |
IBM BigFix Platform could allow an attacker on the local network to crash the BES and relay servers. Published: February 01, 2017; 3:59:02 PM -0500 |
V4.0:(not available) V3.0: 6.5 MEDIUM V2.0: 3.3 LOW |
| CVE-2016-6082 |
IBM BigFix Platform could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free race condition. An attacker could exploit this vulnerability to execute arbitrary code on the system. Published: February 01, 2017; 3:59:02 PM -0500 |
V4.0:(not available) V3.0: 10.0 CRITICAL V2.0: 10.0 HIGH |
| CVE-2016-0396 |
IBM Tivoli Endpoint Manager could allow a user under special circumstances to inject commands that would be executed with unnecessary higher privileges than expected. Published: February 01, 2017; 3:59:00 PM -0500 |
V4.0:(not available) V3.0: 8.1 HIGH V2.0: 6.8 MEDIUM |
| CVE-2016-0297 |
IBM Tivoli Endpoint Manager - Mobile Device Management (MDM) could allow a remote attacker to obtain sensitive information due to a missing HTTP Strict-Transport-Security Header through man in the middle techniques. Published: February 01, 2017; 3:59:00 PM -0500 |
V4.0:(not available) V3.0: 3.7 LOW V2.0: 4.3 MEDIUM |
| CVE-2016-0296 |
IBM Tivoli Endpoint Manager - Mobile Device Management (MDM) stores potentially sensitive information in log files that could be available to a local user. Published: February 01, 2017; 3:59:00 PM -0500 |
V4.0:(not available) V3.0: 3.3 LOW V2.0: 2.1 LOW |