History: Dec 17, 2022 - 7:03 p.m.

CVE-2022-42453 HCL BigFix Platform is affected by insufficient warnings

2022-12-17 19:03:24
HCL
www.cve.org
Tags: hcl bigfix platform, insufficient warnings, fixlet import, script execution

CVSS3: 6.9

Attack Vector: LOCAL
Attack Complexity: HIGH
Privileges Required: HIGH
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: NONE

CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N

EPSS: 0.001
Percentile: 22.9%

There are insufficient warnings when a Fixlet is imported by a user. The warning message currently assumes the owner of the script is the logged-in user, with insufficient warnings when attempting to run the script.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "BigFix Platform",
    "vendor": "HCL Software",
    "versions": [
      {
        "status": "affected",
        "version": "9.5 - 9.5.20, 10 - 10.0.7"
      }
    ]
  }
]
