XML Injection Vulnerability in BigFix Patch Download Plug-ins by HCL Software
CVE-2024-42185

2.5LOW

Key Information:

Vendor: HCL Software Software
Status: Bigfix Patch Management Download Plug-ins
Vendor: CVE Published:; 23 January 2025

Summary

The BigFix Patch Download Plug-ins from HCL Software are vulnerable to an XML injection flaw, allowing attackers to inject malicious XML. This could lead to serious consequences such as denial of service and unauthorized access to sensitive systems. Users are advised to review their security measures and apply the necessary updates to mitigate risks.

Affected Version(s)

BigFix Patch Management Download Plug-ins 1177 and below

References

https://support.hcl-software.com/csm?id=kb_article&syspar...

CVSS V3.1

Score:

2.5

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jan 23, 2025
Vulnerability Reserved
Jul 29, 2024