漏洞描述
IBM BigFix(前称IBM Endpoint Manager,Tivoli Endpoint Manager)是美国IBM公司的一套系统管理软件。该软件提供远程控制、补丁管理、软件分发、操作系统部署、网络访问保护等功能。 IBM BigFix Platform中存在任意文件上传漏洞。攻击者可利用该漏洞上传恶意的文件,执行任意代码。以下版本受到影响:IBM BigFix Platform 9.0,9.1,9.2,9.5。
IBM BigFix Platform 任意文件上传漏洞
PoC代码
暂无相关漏洞推荐
- POC CVE-2025-32429: XWiki Platform - SQL Injection
- XWiki Platform /bin/register/XWiki/XWikiRegister 代码执行漏洞(CVE-2024-21650)
- XWiki Platform /bin/ssx/Main/WebHome 目录遍历漏洞(CVE-2025-55748)
- (CVE-2025-55747) XWiki Platform配置文件信息泄露漏洞
- XWiki Platform /rest/wikis/xwiki/pages 权限绕过漏洞(CVE-2025-29925)
- POC CVE-2010-1429: Red Hat JBoss Enterprise Application Platform - Sensitive Information Disclosure
- POC CVE-2018-19276: OpenMRS Platform < 2.24.0 - Insecure Object Deserialization
- POC CVE-2019-3929: Barco/AWIND OEM Presentation Platform - Remote Command Injection
- POC CVE-2020-6308: SAP BusinessObjects Business Intelligence Platform - Blind Server-Side Request Forgery
- POC CVE-2021-1497: Cisco HyperFlex HX Data Platform - Remote Command Execution
- POC CVE-2021-1498: Cisco HyperFlex HX Data Platform - Remote Command Execution
- POC CVE-2021-1499: Cisco HyperFlex HX Data Platform - Arbitrary File Upload
- POC CVE-2021-33904: Accela Civic Platform <=21.1 - Cross-Site Scripting