Lucene search

HCLCVELIST:CVE-2022-38658

HistoryDec 22, 2022 - 6:52 p.m.

CVE-2022-38658 HCL BigFix Server Automation (SA) is affected by a security vulnerability around Notification Service

2022-12-2218:52:52

HCL

www.cve.org

hcl bigfix

server automation

notification service

windows

security vulnerability

sensitive data

CVSS3

7.7

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:H

AI Score

7.7

Confidence

High

EPSS

0.002

Percentile

51.6%

JSON

BigFix deployments that have installed the Notification Service on Windows are susceptible to disclosing SMTP BigFix operator’s sensitive data in clear text. Operators who use Notification Service related content from BES Support are at risk of leaving their SMTP sensitive data exposed.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "BigFix Server Automation",
    "vendor": "HCL Software",
    "versions": [
      {
        "status": "affected",
        "version": "<=3.2.1"
      }
    ]
  }
]

References

support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0102117

CVSS3

7.7

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:H

AI Score

7.7

Confidence

High

EPSS

0.002

Percentile

51.6%

JSON

Related for CVELIST:CVE-2022-38658