IBM BigFix Platform is prone to a security weakness.
Successfully exploiting this issue may allow attackers to bypass security mechanism or to gain access to sensitive information. This may lead to other attacks.
Versions prior to IBM BigFix 9.5.4 and 9.2.9 are vulnerable.
Information
Bugtraq ID: 101683Class: Design Error
CVE: CVE-2017-1221
Remote: Yes
Local: No
Published: Oct 31 2017 12:00AM
Updated: Oct 31 2017 12:00AM
Credit: IBM X-Force Ethical Hacking Team: Ron Craig, Warren Moynihan, Jonathan Fitz-Gerald, John Zuccato, Rodney Ryan, Chris Shepherd, Dmitriy Beryoza.
Vulnerable: IBM BigFix Platform 9.5.4
IBM BigFix Platform 9.5.2
IBM BigFix Platform 9.2.9
IBM BigFix Platform 9.2.8
IBM BigFix Platform 9.2.6
Not Vulnerable: IBM BigFix Platform 9.5.5
IBM BigFix Platform 9.2.10
Exploit
Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: http://.
References:
