IBM BigFix Platform 9.2.x < 9.2.15 / 9.5.x < 9.5.10 Multiple Vulnerabilities

high Nessus Plugin ID 119843

Synopsis

An infrastructure management application running on the remote host is affected by multiple vulnerabilities.

Description

According to its self-reported version, the IBM BigFix Platform application running on the remote host is 9.2.x prior to 9.2.15, or 9.5.x prior to 9.5.10. It is, therefore, affected by multiple vulnerabilities :

- IBM BigFix Platform is vulnerable to HTTP response splitting attacks, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject arbitrary HTTP headers and cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning or cross-site scripting, and possibly obtain sensitive information.
(CVE-2018-1474)

- IBM BigFix Platform does not renew a session variable after a successful authentication which could lead to session fixation/hijacking vulnerability. This could force a user to utilize a cookie that may be known to an attacker.
(CVE-2018-1485)

- OpenSSL is vulnerable to a denial of service. By sending specially crafted ASN.1 data with a recursive definition, a remote attacker could exploit this vulnerability to consume excessive stack memory. (CVE-2018-0739)

In addition, IBM BigFix Platform is also affected by several additional vulnerabilities including multiple information disclosure vulnerabilities, a clickjacking vulnerability, multiple sensitive cookie weakened security vulnerabilities, and a session hijacking vulnerability.

IBM BigFix Platform was formerly known as Tivoli Endpoint Manager, IBM Endpoint Manager, and IBM BigFix Endpoint Manager.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade to IBM BigFix Platform version 9.2.15 / 9.5.10 or later.

See Also

https://www-01.ibm.com/support/docview.wss?uid=ibm10733605

Plugin Details

Severity: High

ID: 119843

File Name: ibm_tem_9_5_10.nasl

Version: 1.5

Type: remote

Family: Web Servers

Published: 12/21/2018

Updated: 5/26/2022

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS Score Source: CVE-2018-1481

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

CVSS Score Source: CVE-2018-1476

Vulnerability Information

CPE: cpe:/a:ibm:tivoli_endpoint_manager, cpe:/a:ibm:bigfix_platform

Required KB Items: www/BigFixHTTPServer

Exploit Ease: No known exploits are available

Patch Publication Date: 12/10/2018

Vulnerability Publication Date: 12/10/2018

Reference Information

CVE: CVE-2018-0739, CVE-2018-1474, CVE-2018-1476, CVE-2018-1478, CVE-2018-1480, CVE-2018-1481, CVE-2018-1484, CVE-2018-1485