IBM BigFix Platform CVE-2017-1221 Security Weakness

IBM BigFix Platform is prone to a security weakness.

Successfully exploiting this issue may allow attackers to bypass security mechanism or to gain access to sensitive information. This may lead to other attacks.
Versions prior to IBM BigFix 9.5.4 and 9.2.9 are vulnerable.

Information

Bugtraq ID: 101683
Class: Design Error
CVE: CVE-2017-1221

Remote: Yes
Local: No
Published: Oct 31 2017 12:00AM
Updated: Oct 31 2017 12:00AM
Credit: IBM X-Force Ethical Hacking Team: Ron Craig, Warren Moynihan, Jonathan Fitz-Gerald, John Zuccato, Rodney Ryan, Chris Shepherd, Dmitriy Beryoza.
Vulnerable: IBM BigFix Platform 9.5.4
IBM BigFix Platform 9.5.2
IBM BigFix Platform 9.2.9
IBM BigFix Platform 9.2.8
IBM BigFix Platform 9.2.6

Not Vulnerable: IBM BigFix Platform 9.5.5
IBM BigFix Platform 9.2.10

Exploit

Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: http://.

References:

IBM Homepage (IBM)
swg22010177:BigFix Platform versions 9.5 and 9.2 have a vulnerability fixed in p (IBM)

Source: www.securityfocus.com

Exploit Collector

Search Exploit