PT-2018-12743 · Ibm · Ibm Bigfix Platform

Publicado

2018-12-12

Atualizado

2019-10-09

CVE-2018-1481

CVSS v3.1

5.3

Média

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions IBM BigFix Platform versions 9.2.0 through 9.2.14 IBM BigFix Platform versions 9.5 through 9.5.9

Description The issue concerns the storage of sensitive information in URL parameters, potentially leading to information disclosure if unauthorized parties access the URLs through server logs, referrer headers, or browser history.

Recommendations For IBM BigFix Platform versions 9.2.0 through 9.2.14, consider modifying the application to avoid storing sensitive information in URL parameters. For IBM BigFix Platform versions 9.5 through 9.5.9, consider modifying the application to avoid storing sensitive information in URL parameters.

Correção

Information Disclosure

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-200

Identificadores relacionados

CVE-2018-1481

Produtos afetados

Ibm Bigfix Platform

PT-2018-12743 · Ibm · Ibm Bigfix Platform

CVE-2018-1481

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4