CVE-2018-2005

CWE-200Information Exposure6 documents6 sources
Severity
3.3LOW
EPSS
0.0%
top 91.02%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Bigfix Platform
Timeline
PublishedMay 20
Latest updateMay 24

Description

IBM BigFix Platform 9.2 and 9.5 stores potentially sensitive information in process memory that could be read by a local attacker with elevated permissions. IBM X-Force ID: 155007

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 1.8 | Impact: 1.4

Affected Packages2 packages

NVDibm/bigfix_platform9.29.2.17+1
CVEListV5ibm/bigfix_platform9.2, 9.5+1

🔴Vulnerability Details

2
GHSA
GHSA-6mjm-v4f4-mxf5: IBM BigFix Platform 92022-05-24
CVEList
CVE-2018-2005: IBM BigFix Platform 92019-05-20

💥Exploits & PoCs

1
Exploit-DB
Nuuo Central Management - (Authenticated) SQL Server SQL Injection (Metasploit)2019-02-22

💬Community

1
Bugzilla
CVE-2018-8956 ntp: ntpd allows remote attackers to prevent a broadcast client from synchronizing its clock2020-06-18
CVE-2018-2005 (LOW CVSS 3.3) | IBM BigFix Platform 9.2 and 9.5 sto | cvebase.io