PT-2020-17874 · IBM · BigFix Platform

Anna Ciotti +1 · Published 2020-07-16 · Updated 2021-07-21 · CVE-2020-4095

CVSS v3.1: 6.0 (Medium)

Vector: AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

BigFix Platform (affected versions not specified)

Description

The issue allows an attacker with administrative privileges to extract clear text credentials from the system's memory. These credentials can then be used to gain further access to the environment. Applying the principle of least privilege to BigFix deployments is recommended, limiting administrative access.

Recommendations

Apply the principle of least privilege to all BigFix deployments, limiting administrative access to minimize the risk of exploitation.

Weakness Enumeration

Cleartext Storage of Sensitive Information

Insufficiently Protected Credentials

Related Identifiers

CVE-2020-4095

Affected Products

BigFix Platform