Vulnerability Details : CVE-2019-4013
IBM BigFix Platform 9.5 could allow any authenticated user to upload any file to any location on the server with root privileges. This results in code execution on underlying system with root privileges. IBM X-Force ID: 155887.
Products affected by CVE-2019-4013
- cpe:2.3:a:ibm:bigfix_platform:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2019-4013
13.71%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 94 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2019-4013
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
9.0
|
HIGH | AV:N/AC:L/Au:S/C:C/I:C/A:C |
8.0
|
10.0
|
NIST | |
|
9.9
|
CRITICAL | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H |
3.1
|
6.0
|
NIST | |
|
9.0
|
CRITICAL | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H |
2.3
|
6.0
|
IBM Corporation |
CWE ids for CVE-2019-4013
-
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.Assigned by: nvd@nist.gov (Primary)
References for CVE-2019-4013
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/155887
IBM BigFix Platform code execution CVE-2019-4013 Vulnerability ReportVDB Entry;Vendor Advisory
-
http://www.ibm.com/support/docview.wss?uid=ibm10874666
IBM Security Bulletin: BigFix Platform 9.5.x affected by multiple vulnerabilities (CVE-2019-4013, CVE-2018-5407, CVE-2012-5883, CVE-2012-6708, CVE-2015-9251)Vendor Advisory
-
http://packetstormsecurity.com/files/154747/IBM-Bigfix-Platform-9.5.9.62-Arbitary-File-Upload-Code-Execution.html
IBM Bigfix Platform 9.5.9.62 Arbitary File Upload / Code Execution ≈ Packet Storm
Jump to