| Title | Published | Views | Reporter |
|---|---|---|---|
| CVE-2024-42189 | 15 Apr 2025 18:44 | – | circl |
| CVE-2024-42193 | 15 Apr 2025 18:54 | – | circl |
| CVE-2024-42200 | 15 Apr 2025 18:44 | – | circl |
| HCL BigFix Platform security vulnerability | 15 Apr 2025 00:00 | – | cnnvd |
| HCL BigFix Platform security vulnerability | 15 Apr 2025 00:00 | – | cnnvd |
| HCL BigFix Platform security vulnerability | 15 Apr 2025 00:00 | – | cnnvd |
| CVE-2024-42189 | 15 Apr 2025 18:07 | – | cve |
| CVE-2024-42193 | 15 Apr 2025 18:16 | – | cve |
| CVE-2024-42200 | 15 Apr 2025 18:00 | – | cve |
| CVE-2024-42189 HCL BigFix Web Reports might be subject to a Denial of Service (DoS) attack | 15 Apr 2025 18:07 | – | cvelist |

```nasl
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(242295);
  script_version("1.1");

  script_set_attribute(attribute:"plugin_modification_date", value:"2025/07/18");

  script_cve_id("CVE-2024-42189", "CVE-2024-42193", "CVE-2024-42200");
  script_xref(name:"IAVA", value:"2025-A-0528");

  script_name(english:"HCL BigFix Server 10.0.x < 10.0.13 / 11.0.x < 11.0.4 Multiple Vulnerabilities (KB0120585)");

  script_set_attribute(attribute:"synopsis", value:
"The remote host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The version of HCL BigFix Server installed on the remote host is 10.0.x prior to 10.0.13 or 11.x prior to 11.0.4. It
is, therefore, affected by multiple vulnerabilities as referenced in the KB0120585 advisory.
- HCL BigFix Web Reports' service communicates over HTTPS but exhibits a weakness in its handling of SSL
certificate validation. This scenario presents a possibility of man-in-the-middle (MITM) attacks and data
exposure as, if exploited, this vulnerability could potentially lead to unauthorized access. (CVE-2024-42193)
- HCL BigFix Web Reports might be subject to a Denial of Service (DoS) attack, due to a potentially weak
validation of an API parameter. (CVE-2024-42189)
- HCL BigFix Web Reports might be subject to a Stored Cross-Site Scripting (XSS) attack, due to a potentially
weak validation of user input. (CVE-2024-42200)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  # https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0120585
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?1141f143");
  script_set_attribute(attribute:"solution", value:
"Upgrade HCL BigFix Server based upon the guidance specified in KB0120585.");
  script_set_attribute(attribute:"agent", value:"windows");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2024-42189");

  script_set_attribute(attribute:"vuln_publication_date", value:"2025/04/15");
  script_set_attribute(attribute:"patch_publication_date", value:"2025/04/15");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/07/18");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:hcltech:bigfix_platform");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:ibm:bigfix_platform");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:ibm:endpoint_manager");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:ibm:tivoli_endpoint_manager");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2025 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("hcl_bigfix_server_win_installed.nbin");
  script_require_keys("installed_sw/HCL BigFix Server", "SMB/Registry/Enumerated");

  exit(0);
}

include('vcf.inc');

get_kb_item_or_exit('SMB/Registry/Enumerated');

var app_info = vcf::get_app_info(app:'HCL BigFix Server', win_local:TRUE);

# Require paranoia to flag unless we're sure we detect it
if (empty_or_null(app_info.BESWebReportsServer) && report_paranoia < 2)
{
  audit(AUDIT_POTENTIAL_VULN, 'HCL BigFix Server', app_info.version);
}

# Affected ranges: 10.0.x before 10.0.13 and 11.0.x before 11.0.4
var constraints = [
  { 'min_version' : '10.0', 'fixed_version' : '10.0.13' },
  { 'min_version' : '11.0', 'fixed_version' : '11.0.4' }
];

# Version-only check; the xss flag corresponds to the stored XSS issue (CVE-2024-42200)
vcf::check_version_and_report(
    app_info:app_info,
    constraints:constraints,
    severity:SECURITY_WARNING,
    flags:{'xss':TRUE}
);
```