Insecure Protocol Support Vulnerability in BigFix Patch Download Plug-ins by HCL Software
CVE-2024-42186

2.8LOW

Key Information:

Vendor: HCL Software Software
Status: Bigfix Patch Management Download Plug-ins
Vendor: CVE Published:; 23 January 2025

Summary

The BigFix Patch Download Plug-ins from HCL Software are susceptible to an insecure protocol support vulnerability. This issue arises from improper handling of SSL certificate validation, potentially allowing attackers to exploit data transmitted over insecure channels, posing a risk to the integrity and confidentiality of sensitive information.

Affected Version(s)

BigFix Patch Management Download Plug-ins 1177 and below

References

https://support.hcl-software.com/csm?id=kb_article&syspar...

CVSS V3.1

Score:

2.8

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Jan 23, 2025
Vulnerability Reserved
Jul 29, 2024