CVE-2019-4013

CRITICAL

IBM BigFix Platform < 9.5.11 - Unrestricted File Upload

Title source: rule

Description

IBM BigFix Platform 9.5 could allow any authenticated user to upload any file to any location on the server with root privileges. This results in code execution on the underlying system with root privileges. IBM X-Force ID: 155887.

Exploits (1)

exploitdb WORKING POC
by Jakub Palaczynski · text · webapps · java
https://www.exploit-db.com/exploits/47470

Scores

CVSS v3 9.0
EPSS 0.1607
EPSS Percentile 94.8%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

Details

CWE
CWE-434
Status published
Products (1)
ibm/bigfix_platform 9.5.0 - 9.5.11
Published Apr 10, 2019
Tracked Since Feb 18, 2026