CVE-2019-4013

Published: Apr 10, 2019Modified: Jun 17, 2026

9.9

Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Exploitability: 3.1 / Impact: 6.0

Source: NVD

Description

IBM BigFix Platform 9.5 could allow any authenticated user to upload any file to any location on the server with root privileges. This results in code execution on underlying system with root privileges. IBM X-Force ID: 155887.

Affected (1)

Products: Ibm: Bigfix Platform

Ibm

1 product

Bigfix Platform

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Ibm Bigfix Platform	From 9.5.0 to 9.5.11

Related CWEs

CWE-434

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (6)

http://packetstormsecurity.com/files/154747/IBM-Bigfix-Platform-9.5.9.62-Arbitary-File-Upload-Code-Execution.html

Source: psirt@us.ibm.com

http://www.ibm.com/support/docview.wss?uid=ibm10874666

Source: psirt@us.ibm.com

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/155887

Source: psirt@us.ibm.com

VDB EntryVendor Advisory

http://packetstormsecurity.com/files/154747/IBM-Bigfix-Platform-9.5.9.62-Arbitary-File-Upload-Code-Execution.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.ibm.com/support/docview.wss?uid=ibm10874666

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/155887

Source: af854a3a-2127-422b-91ae-364da2661108

VDB EntryVendor Advisory

Timeline

No history available yet.