Path Traversal Vulnerability in BigFix Patch Download Plug-ins by HCL Software
CVE-2024-42187
5.3 MEDIUM
Key Information:
- Vendor: HCL Software
- Status
- Bigfix Patch Management Download Plug-ins
- Vendor
- CVE Published: 23 January 2025
Summary
The BigFix Patch Download Plug-ins are susceptible to a path traversal vulnerability that allows unauthorized access to files in the local repository. An attacker could exploit it with specially crafted requests, potentially exposing sensitive data and compromising system integrity. Organizations using these plug-ins should implement immediate measures to mitigate this risk and ensure the security of their environment.
Affected Version(s)
BigFix Patch Management Download Plug-ins 1177 and below
CVSS V3.1
Score: 5.3
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Local
Attack Complexity: High
Privileges Required: Low
User Interaction: Required
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved