Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2019-4061

CWE-200Information Exposure5 documents5 sources
Severity
5.3MEDIUM
EPSS
80.3%
top 0.88%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
IBM Bigfix Platform
Timeline
PublishedFeb 27
Latest updateMay 13

Description

IBM BigFix Platform 9.2 and 9.5 could allow an attacker to query the relay remotely and gather information about the updates and fixlets deployed to the associated sites due to not enabling authenticated access. IBM X-Force ID: 156869.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

NVDibm/bigfix_platform9.29.2.16+1
CVEListV5ibm/bigfix_platform9.2, 9.5+1

🔴Vulnerability Details

3
GHSA
GHSA-wr9c-mhm3-3p93: IBM BigFix Platform 92022-05-13
CVEList
CVE-2019-4061: IBM BigFix Platform 92019-02-27
VulnCheck
IBM bigfix_platform Exposure of Sensitive Information to an Unauthorized Actor2019

💥Exploits & PoCs

1
Nuclei
IBM BigFix Platform - Information Disclosure
CVE-2019-4061 (MEDIUM CVSS 5.3) | IBM BigFix Platform 9.2 and 9.5 cou | cvebase.io