CVE-2017-1218

Published: Jul 19, 2017Modified: May 13, 2026

8.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

IBM Tivoli Endpoint Manager is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 123858.

Affected (5)

Products: Ibm: Bigfix Platform

1 product

Bigfix Platform

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Ibm Bigfix Platform	Version 9.2.6
Ibm Bigfix Platform	Version 9.2.7
Ibm Bigfix Platform	Version 9.5.5
Ibm Bigfix Platform	Version 9.5.6
Ibm Bigfix Platform	Version 9.5

Related CWEs

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (8)

http://www.ibm.com/support/docview.wss?uid=swg22005246

Source: psirt@us.ibm.com

Vendor Advisory

http://www.securityfocus.com/bid/101571

Source: psirt@us.ibm.com

http://www.securityfocus.com/bid/99916

Source: psirt@us.ibm.com

Third Party AdvisoryVDB Entry

https://exchange.xforce.ibmcloud.com/vulnerabilities/123858

Source: psirt@us.ibm.com

VDB EntryVendor Advisory

http://www.ibm.com/support/docview.wss?uid=swg22005246

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securityfocus.com/bid/101571

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/99916

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://exchange.xforce.ibmcloud.com/vulnerabilities/123858

Source: af854a3a-2127-422b-91ae-364da2661108

VDB EntryVendor Advisory

Timeline

No history available yet.