IBM BigFix Compliance up to 1.9.91 URL log file

Summaryinfo

A vulnerability has been found in IBM BigFix Compliance up to 1.9.91 and classified as problematic. Affected is an unknown function of the component URL Handler. This manipulation causes log file. This vulnerability is registered as CVE-2017-1198. Remote exploitation of the attack is possible. No exploit is available.

Detailsinfo

A vulnerability was found in IBM BigFix Compliance up to 1.9.91 (Endpoint Management Software). It has been declared as problematic. Affected by this vulnerability is an unknown part of the component URL Handler. The manipulation with an unknown input leads to a log file vulnerability. The CWE definition for the vulnerability is CWE-532. Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information. As an impact it is known to affect confidentiality. The summary by CVE is:

IBM BigFix Compliance 1.7 through 1.9.91 (TEMA SUAv1 SCA SCM) stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 123673.

The bug was discovered 10/30/2018. The weakness was published 02/05/2019 (Website). The advisory is shared at exchange.xforce.ibmcloud.com. This vulnerability is known as CVE-2017-1198 since 11/30/2016. The exploitation appears to be easy. The attack can be launched remotely. The exploitation doesn't need any form of authentication. Neither technical details nor an exploit are publicly available. The price for an exploit might be around USD $0-$5k at the moment (estimation calculated on 07/06/2023). It is expected to see the exploit prices for this product increasing in the near future.MITRE ATT&CK project uses the attack technique T1592 for this issue.

The vulnerability was handled as a non-public zero-day exploit for at least 98 days. During that time the estimated underground price was around $5k-$25k.

There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

Similar entries are available at VDB-130524, VDB-130526 and VDB-130527. If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Productinfo

Type

• Endpoint Management Software

Vendor

• IBM

Name

• BigFix Compliance

Version

• 1.9.0
• 1.9.1
• 1.9.2
• 1.9.3
• 1.9.4
• 1.9.5
• 1.9.6
• 1.9.7
• 1.9.8
• 1.9.9
• 1.9.10
• 1.9.11
• 1.9.12
• 1.9.13
• 1.9.14
• 1.9.15
• 1.9.16
• 1.9.17
• 1.9.18
• 1.9.19
• 1.9.20
• 1.9.21
• 1.9.22
• 1.9.23
• 1.9.24
• 1.9.25
• 1.9.26
• 1.9.27
• 1.9.28
• 1.9.29
• 1.9.30
• 1.9.31
• 1.9.32
• 1.9.33
• 1.9.34
• 1.9.35
• 1.9.36
• 1.9.37
• 1.9.38
• 1.9.39
• 1.9.40
• 1.9.41
• 1.9.42
• 1.9.43
• 1.9.44
• 1.9.45
• 1.9.46
• 1.9.47
• 1.9.48
• 1.9.49
• 1.9.50
• 1.9.51
• 1.9.52
• 1.9.53
• 1.9.54
• 1.9.55
• 1.9.56
• 1.9.57
• 1.9.58
• 1.9.59
• 1.9.60
• 1.9.61
• 1.9.62
• 1.9.63
• 1.9.64
• 1.9.65
• 1.9.66
• 1.9.67
• 1.9.68
• 1.9.69
• 1.9.70
• 1.9.71
• 1.9.72
• 1.9.73
• 1.9.74
• 1.9.75
• 1.9.76
• 1.9.77
• 1.9.78
• 1.9.79
• 1.9.80
• 1.9.81
• 1.9.82
• 1.9.83
• 1.9.84
• 1.9.85
• 1.9.86
• 1.9.87
• 1.9.88
• 1.9.89
• 1.9.90
• 1.9.91

License

• commercial

Website

• Vendor: https://www.ibm.com/

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Discussion