CVE-2019-4061

MEDIUM EXPLOITED NUCLEI

IBM BigFix Platform 9.2-9.5 < 9.2.16 - Unauthenticated Information Exposure via Relay Query

Title source: llm

Exploitation Summary

CVE-2019-4061 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 1 public exploit from researchers including HD Moore, Chris Bellows, Ryan Hanson, Jacob Robles, including a Metasploit module auxiliary/gather/ibm_bigfix_sites_packages_enum. A Nuclei detection template is also available.

AI-analyzed exploit summary This Metasploit module enumerates masthead, site, and package information from IBM BigFix Relay Servers by sending HTTP requests to specific endpoints. It can also download available packages if configured.

Description

IBM BigFix Platform 9.2 and 9.5 could allow an attacker to query the relay remotely and gather information about the updates and fixlets deployed to the associated sites due to not enabling authenticated access. IBM X-Force ID: 156869.

Exploits (1)

metasploit WORKING POC

by HD Moore, Chris Bellows, Ryan Hanson, Jacob Robles · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/gather/ibm_bigfix_sites_packages_enum.rb

View Code ZIP pw:eip

This Metasploit module enumerates masthead, site, and package information from IBM BigFix Relay Servers by sending HTTP requests to specific endpoints. It can also download available packages if configured.

Classification

Working Poc 100%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: IBM BigFix Relay Server

No auth needed

Prerequisites: Network access to the IBM BigFix Relay Server on port 52311

MITRE ATT&CK

T1592 - Gather Victim Host Information T1119 - Automated Collection

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Nuclei Templates (1)

IBM BigFix Platform - Information Disclosure

MEDIUMVERIFIEDby daffainfo

Shodan: port:52311 "BigFixHTTPServer"

References (4)

Core 4

Core References

VDB Entry, Vendor Advisory vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/156869

Broken Link, Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/107189

Broken Link, Vendor Advisory x_refsource_confirm

http://www.ibm.com/support/docview.wss?uid=ibm10870242

Third Party Advisory x_refsource_misc

http://www.rapid7.com/db/modules/auxiliary/gather/ibm_bigfix_sites_packages_enum

Scores

CVSS v3 5.3

EPSS 0.2255

EPSS Percentile 97.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

VulnCheck KEV 2024-04-08

CWE

CWE-200

Status published

Products (1)

ibm/bigfix_platform 9.2 - 9.2.16

Published Feb 27, 2019

Tracked Since Feb 18, 2026