Lucene search
HCLVULNRICHMENT:CVE-2024-23556HistoryMay 17, 2024 - 11:40 p.m.
CVE-2024-23556 HCL BigFix Platform is impacted by a failure to restrict SSL/TLS renegotiation
2024-05-1723:40:50
HCL
github.com
7
cve-2024-23556
hcl bigfix platform
ssl/tls renegotiation
dos attack
vulnerability
CVSS3
5.9
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
6.9
Confidence
Low
EPSS
0
Percentile
9.0%
SSVC
Exploitation
none
Automatable
no
Technical Impact
partial
SSL/TLS Renegotiation functionality potentially leading to DoS attack vulnerability.
ADP Affected
[
{
"cpes": [
"cpe:2.3:a:hcltech:bigfix_platform:9.5:*:*:*:*:*:*:*"
],
"vendor": "hcltech",
"product": "bigfix_platform",
"versions": [
{
"status": "affected",
"version": "9.5",
"versionType": "custom",
"lessThanOrEqual": "9.5.24"
}
],
"defaultStatus": "unaffected"
},
{
"cpes": [
"cpe:2.3:a:hcltech:bigfix_platform:10.0.0:*:*:*:*:*:*:*"
],
"vendor": "hcltech",
"product": "bigfix_platform",
"versions": [
{
"status": "affected",
"version": "10.0.0",
"versionType": "custom",
"lessThanOrEqual": "10.0.11"
}
],
"defaultStatus": "unaffected"
},
{
"cpes": [
"cpe:2.3:a:hcltech:bigfix_platform:11.0.1:*:*:*:*:*:*:*"
],
"vendor": "hcltech",
"product": "bigfix_platform",
"versions": [
{
"status": "affected",
"version": "11.0.1"
}
],
"defaultStatus": "unaffected"
}
]
CVSS3
5.9
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
6.9
Confidence
Low
EPSS
0
Percentile
9.0%
SSVC
Exploitation
none
Automatable
no
Technical Impact
partial
Related for VULNRICHMENT:CVE-2024-23556