Vulnerability Details : CVE-2019-4013
IBM BigFix Platform 9.5 could allow any authenticated user to upload any file to any location on the server with root privileges. This results in code execution on underlying system with root privileges. IBM X-Force ID: 155887.
Exploit prediction scoring system (EPSS) score for CVE-2019-4013
Probability of exploitation activity in the next 30 days: 0.44%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 74 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2019-4013
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
9.0
|
HIGH | AV:N/AC:L/Au:S/C:C/I:C/A:C |
8.0
|
10.0
|
NIST |
|
9.9
|
CRITICAL | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H |
3.1
|
6.0
|
NIST |
|
9.0
|
CRITICAL | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H |
2.3
|
6.0
|
IBM Corporation |
CWE ids for CVE-2019-4013
-
The product allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.Assigned by: nvd@nist.gov (Primary)
References for CVE-2019-4013
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/155887
IBM BigFix Platform code execution CVE-2019-4013 Vulnerability ReportVDB Entry;Vendor Advisory
-
http://www.ibm.com/support/docview.wss?uid=ibm10874666
IBM Security Bulletin: BigFix Platform 9.5.x affected by multiple vulnerabilities (CVE-2019-4013, CVE-2018-5407, CVE-2012-5883, CVE-2012-6708, CVE-2015-9251)Vendor Advisory
-
http://packetstormsecurity.com/files/154747/IBM-Bigfix-Platform-9.5.9.62-Arbitary-File-Upload-Code-Execution.html
IBM Bigfix Platform 9.5.9.62 Arbitary File Upload / Code Execution ≈ Packet Storm
Products affected by CVE-2019-4013
- cpe:2.3:a:ibm:bigfix_platform:*:*:*:*:*:*:*:*