Security Risk: Storing Credentials in Plaintext or Encoded Format

CVE-2024-23551

6.5MEDIUM

Key Information

Vendor: Hcl Software
Status: Bigfix Compliance
Vendor: CVE Published:; 7 May 2024

Summary

Database scanning using username and password stores the credentials in plaintext or encoded format within files at the endpoint. This has been identified as a significant security risk. This will lead to exposure of sensitive information for unauthorized access, potentially leading to severe consequences such as data breaches, unauthorized data manipulation, and compromised system integrity.

Affected Version(s)

BigFix Compliance = v9.x, v10.x, v11.x

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published.
May 7, 2024
Vulnerability Reserved.
Jan 18, 2024

Collectors

NVD DatabaseMitre Database