cnvd - cnvd-2018-25407

CNVD-2018-25407

Vulnerability from cnvd - Published: 2018-12-14

Title

IBM BigFix Platform信息泄露漏洞（CNVD-2018-25407）

Description

IBM BigFix Platform是美国IBM公司的一套动态的集成了消息内容驱动和管理系统的多技术平台。 IBM BigFix Platform9.5版本至9.5.9版本和9.2版本至9.2.14版本中存在信息泄露漏洞，该漏洞源于程序将敏感信息存储在URL中，攻击者可通过服务器日志、referrer报头或浏览器历史记录访问URL利用该漏洞获取信息。

Severity

低

Patch Name

IBM BigFix Platform信息泄露漏洞（CNVD-2018-25407）的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://www.ibm.com/support/docview.wss?uid=ibm10733605

Reference

https://nvd.nist.gov/vuln/detail/CVE-2018-1481

Impacted products

Name
['IBM BigFix platform >=9.2.0 ，<= 9.2.14', 'IBM BigFix platform >=9.5，<= 9.5.9']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-1481"
    }
  },
  "description": "IBM BigFix Platform\u662f\u7f8e\u56fdIBM\u516c\u53f8\u7684\u4e00\u5957\u52a8\u6001\u7684\u96c6\u6210\u4e86\u6d88\u606f\u5185\u5bb9\u9a71\u52a8\u548c\u7ba1\u7406\u7cfb\u7edf\u7684\u591a\u6280\u672f\u5e73\u53f0\u3002\n\nIBM BigFix Platform9.5\u7248\u672c\u81f39.5.9\u7248\u672c\u548c9.2\u7248\u672c\u81f39.2.14\u7248\u672c\u4e2d\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u5c06\u654f\u611f\u4fe1\u606f\u5b58\u50a8\u5728URL\u4e2d\uff0c\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u670d\u52a1\u5668\u65e5\u5fd7\u3001referrer\u62a5\u5934\u6216\u6d4f\u89c8\u5668\u5386\u53f2\u8bb0\u5f55\u8bbf\u95eeURL\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u4fe1\u606f\u3002",
  "discovererName": "IBM",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www.ibm.com/support/docview.wss?uid=ibm10733605",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-25407",
  "openTime": "2018-12-14",
  "patchDescription": "IBM BigFix Platform\u662f\u7f8e\u56fdIBM\u516c\u53f8\u7684\u4e00\u5957\u52a8\u6001\u7684\u96c6\u6210\u4e86\u6d88\u606f\u5185\u5bb9\u9a71\u52a8\u548c\u7ba1\u7406\u7cfb\u7edf\u7684\u591a\u6280\u672f\u5e73\u53f0\u3002\r\n\r\nIBM BigFix Platform9.5\u7248\u672c\u81f39.5.9\u7248\u672c\u548c9.2\u7248\u672c\u81f39.2.14\u7248\u672c\u4e2d\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u5c06\u654f\u611f\u4fe1\u606f\u5b58\u50a8\u5728URL\u4e2d\uff0c\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u670d\u52a1\u5668\u65e5\u5fd7\u3001referrer\u62a5\u5934\u6216\u6d4f\u89c8\u5668\u5386\u53f2\u8bb0\u5f55\u8bbf\u95eeURL\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "IBM BigFix Platform\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff08CNVD-2018-25407\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "IBM BigFix platform \u003e=9.2.0 \uff0c\u003c= 9.2.14",
      "IBM BigFix platform \u003e=9.5\uff0c\u003c= 9.5.9"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2018-1481",
  "serverity": "\u4f4e",
  "submitTime": "2018-12-13",
  "title": "IBM BigFix Platform\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff08CNVD-2018-25407\uff09"
}

CVE-2018-1481 (GCVE-0-2018-1481)

Vulnerability from cvelistv5 – Published: 2018-12-12 16:00 – Updated: 2024-09-16 20:13

Summary

IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 140763.

Severity ?

3.7 (Low)


                        
                          CVSS:3.0/A:N/AC:H/AV:N/C:L/I:N/PR:N/S:U/UI:N/E:U/RC:C/RL:O

CWE

Obtain Information

Assigner

ibm

References

URL

Tags

	https://www.ibm.com/support/docview.wss?uid=ibm10733605	x_refsource_CONFIRM
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF

Impacted products

	Vendor	Product	Version
	IBM	BigFix Platform	Affected: 9.5.9 Affected: 9.2.0 Affected: 9.2.14 Affected: 9.5.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T03:59:39.053Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/docview.wss?uid=ibm10733605"
          },
          {
            "name": "ibm-bigfix-cve20181481-info-disc(140763)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/140763"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "BigFix Platform",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "9.5.9"
            },
            {
              "status": "affected",
              "version": "9.2.0"
            },
            {
              "status": "affected",
              "version": "9.2.14"
            },
            {
              "status": "affected",
              "version": "9.5.0"
            }
          ]
        }
      ],
      "datePublic": "2018-12-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 140763."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "UNPROVEN",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 3.2,
            "temporalSeverity": "LOW",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/A:N/AC:H/AV:N/C:L/I:N/PR:N/S:U/UI:N/E:U/RC:C/RL:O",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Obtain Information",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-12-12T15:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/docview.wss?uid=ibm10733605"
        },
        {
          "name": "ibm-bigfix-cve20181481-info-disc(140763)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/140763"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2018-12-10T00:00:00",
          "ID": "CVE-2018-1481",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "BigFix Platform",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "9.5.9"
                          },
                          {
                            "version_value": "9.2.0"
                          },
                          {
                            "version_value": "9.2.14"
                          },
                          {
                            "version_value": "9.5.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 140763."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "H",
              "AV": "N",
              "C": "L",
              "I": "N",
              "PR": "N",
              "S": "U",
              "UI": "N"
            },
            "TM": {
              "E": "U",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Obtain Information"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ibm.com/support/docview.wss?uid=ibm10733605",
              "refsource": "CONFIRM",
              "url": "https://www.ibm.com/support/docview.wss?uid=ibm10733605"
            },
            {
              "name": "ibm-bigfix-cve20181481-info-disc(140763)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/140763"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2018-1481",
    "datePublished": "2018-12-12T16:00:00Z",
    "dateReserved": "2017-12-13T00:00:00",
    "dateUpdated": "2024-09-16T20:13:21.201Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2018-25407

CVE-2018-1481 (GCVE-0-2018-1481)

Tags

Sightings

Nomenclature