Lucene search

HCLVULNRICHMENT:CVE-2024-23584

HistoryApr 08, 2024 - 11:05 p.m.

CVE-2024-23584 HCL BigFix Asset Discovery is affected by a security vulnerability

2024-04-0823:05:11

HCL

github.com

hcl bigfix asset discovery

security vulnerability

nmap importer

data store credentials

windows registry

CVSS3

6.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

7.1

Confidence

Low

SSVC

Exploitation

none

Automatable

Technical Impact

total

JSON

The NMAP Importer service may expose data store credentials to authorized users of the Windows Registry.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:hcltech:bigfix_enterprise_suite_asset_discovery:*:*:*:*:*:*:*:*"
    ],
    "vendor": "hcltech",
    "product": "bigfix_enterprise_suite_asset_discovery",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "versionType": "custom",
        "lessThanOrEqual": "109"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0112264

CVSS3

6.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

7.1

Confidence

Low

SSVC

Exploitation

none

Automatable

Technical Impact

total

JSON

Related for VULNRICHMENT:CVE-2024-23584