Lucene search

HCLCVELIST:CVE-2024-23584

HistoryApr 08, 2024 - 11:05 p.m.

CVE-2024-23584 HCL BigFix Asset Discovery is affected by a security vulnerability

2024-04-0823:05:11

HCL

www.cve.org

cve-2024-23584

hcl bigfix asset discovery

security vulnerability

nmap importer service

data store credentials

windows registry

CVSS3

6.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

6.7

Confidence

High

EPSS

Percentile

9.0%

JSON

The NMAP Importer service may expose data store credentials to authorized users of the Windows Registry.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "BigFix Enterprise Suite Asset Discovery",
    "vendor": "HCL Software",
    "versions": [
      {
        "status": "affected",
        "version": "<=109"
      }
    ]
  }
]

References

support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0112264

CVSS3

6.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

6.7

Confidence

High

EPSS

Percentile

9.0%

JSON

Related for CVELIST:CVE-2024-23584