Insecure File URI Scheme in BigFix Patch Download Plug-ins by HCL Software
CVE-2024-42184

2.5LOW

Key Information:

Vendor: HCL Software Software
Status: Bigfix Patch Management Download Plug-ins
Vendor: CVE Published:; 23 January 2025

Summary

The BigFix Patch Download Plug-ins from HCL Software are susceptible to vulnerabilities arising from insecure support for the file URI scheme. This flaw could enable an attacker to exploit the system by attempting to download files using the 'file://' URI scheme, potentially leading to unauthorized file access or system compromise. Organizations using this software should evaluate their security posture and apply necessary mitigations.

Affected Version(s)

BigFix Patch Management Download Plug-ins 1177 and below

References

https://support.hcl-software.com/csm?id=kb_article&syspar...

CVSS V3.1

Score:

2.5

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jan 23, 2025
Vulnerability Reserved
Jul 29, 2024