Lucene search

K
cve[email protected]CVE-2022-44757
HistoryOct 11, 2023 - 7:15 a.m.

CVE-2022-44757

2023-10-1107:15:09
CWE-522
web.nvd.nist.gov
17
20
bigfix insights
vulnerability remediation
ivr
weak cryptography
credential exposure
cve-2022-44757

8.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

8.1 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

37.1%

BigFix Insights for Vulnerability Remediation (IVR) uses weak cryptography that can lead to credential exposure. An attacker could gain access to sensitive information, modify data in unexpected ways, etc.

Affected configurations

NVD
Node
hcltechbigfix_insights_for_vulnerability_remediationRange<2.0.3

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "BigFix Insights for Vulnerability Remediation",
    "vendor": "HCL Software",
    "versions": [
      {
        "status": "affected",
        "version": "<=2.0.2"
      }
    ]
  }
]

Social References

More

8.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

8.1 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

37.1%

Related for CVE-2022-44757