Arbitrary File Download Vulnerability in HCL BigFix Patch Download Plug-ins
CVE-2024-42183
2.5 LOW
Key Information:
- Vendor: HCL Software
- Product: BigFix Patch Management Download Plug-ins
- CVE Published: 23 January 2025
Summary
The HCL BigFix Patch Download Plug-ins are susceptible to an arbitrary file download vulnerability. This flaw enables a malicious actor to download files from any URL without adequate validation or allowlist controls, potentially compromising system integrity and security. Organizations utilizing these plug-ins must address this issue to prevent unauthorized access to sensitive data. For resolution and further details, refer to HCL's support resources.
Affected Version(s)
BigFix Patch Management Download Plug-ins 1177 and below
CVSS V3.1
- Score: 2.5
- Severity: LOW
- Confidentiality: Low
- Integrity: None
- Availability: Low
- Attack Vector: Local
- Attack Complexity: High
- Privileges Required: Low
- User Interaction: Required
- Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved