HCLVULNRICHMENT:CVE-2024-23551CVE-2024-23551 HCL BigFix Compliance is potentially affected by Oracle database credentials stored at endpoint
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
AI Score
Confidence
Low
SSVC
Exploitation
none
Automatable
no
Technical Impact
total
Database scanning using username and password stores the credentials in plaintext or encoded format within files at the endpoint. This has been identified as a significant security risk. This will lead to exposure of sensitive information for unauthorized access, potentially leading to severe consequences such as data breaches, unauthorized data manipulation, and compromised system integrity.
ADP Affected
[
{
"cpes": [
"cpe:2.3:a:hcltech:bigfix_compliance:*:*:*:*:*:*:*:*"
],
"vendor": "hcltech",
"product": "bigfix_compliance",
"versions": [
{
"status": "affected",
"version": "9.0.835.0",
"versionType": "custom",
"lessThanOrEqual": "9.5.25.11"
},
{
"status": "affected",
"version": "10.0.0.133",
"versionType": "custom",
"lessThanOrEqual": "10.0.5.0"
},
{
"status": "affected",
"version": "11.0.0.175",
"versionType": "custom",
"lessThanOrEqual": "11.0.2.125"
}
],
"defaultStatus": "unknown"
}
]
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
AI Score
Confidence
Low
SSVC
Exploitation
none
Automatable
no
Technical Impact
total