HCL BigFix Insights for Vulnerability Remediation (IVR) is vulnerable to improper certificate validation
CVE-2022-42454
5.3MEDIUM
Key Information:
- Vendor
- HCL Software Software
- Status
- Bigfix Insights For Vulnerability Remediation
- Vendor
- CVE Published:
- 21 December 2022
Summary
Insights for Vulnerability Remediation (IVR) is vulnerable to man-in-the-middle attacks that may lead to information disclosure. This requires privileged network access.
Affected Version(s)
BigFix Insights for Vulnerability Remediation <= v2.0
References
CVSS V3.1
Score:
5.3
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved