Server-Side Request Forgery in HCL BigFix Patch Download Plug-ins
CVE-2024-42182

2.5LOW

Key Information:

Vendor: HCL Software Software
Status: Bigfix Patch Management Download Plug-ins
Vendor: CVE Published:; 23 January 2025

Summary

The HCL BigFix Patch Download Plug-ins are susceptible to a Server-Side Request Forgery (SSRF) vulnerability. This security flaw could enable an attacker to exploit the application, potentially allowing it to download files from an internally hosted server on localhost. Such vulnerabilities can lead to significant data breaches and unauthorized access to sensitive information, making it crucial for organizations to address this issue promptly.

Affected Version(s)

BigFix Patch Management Download Plug-ins 1177 and below

References

https://support.hcl-software.com/csm?id=kb_article&syspar...

CVSS V3.1

Score:

2.5

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jan 23, 2025
Vulnerability Reserved
Jul 29, 2024