Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2019-4013

CWE-434Unrestricted File Upload5 documents5 sources
Severity
9.9CRITICAL
EPSS
16.1%
top 5.21%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
IBM Bigfix Platform
Timeline
PublishedApr 10
Latest updateMay 13

Description

IBM BigFix Platform 9.5 could allow any authenticated user to upload any file to any location on the server with root privileges. This results in code execution on underlying system with root privileges. IBM X-Force ID: 155887.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:HExploitability: 2.3 | Impact: 6.0

Affected Packages2 packages

NVDibm/bigfix_platform9.5.09.5.11
CVEListV5ibm/bigfix_platform9.5

🔴Vulnerability Details

3
GHSA
GHSA-j7cc-79cv-hx68: IBM BigFix Platform 92022-05-13
OSV
liblivemedia vulnerabilities2021-03-15
CVEList
CVE-2019-4013: IBM BigFix Platform 92019-04-10

💥Exploits & PoCs

1
Exploit-DB
IBM Bigfix Platform 9.5.9.62 - Arbitrary File Upload2019-10-07
CVE-2019-4013 (CRITICAL CVSS 9.9) | IBM BigFix Platform 9.5 could allow | cvebase.io