Denial of Service Vulnerability in HCL BigFix Web Reports
CVE-2024-42189
5.6 MEDIUM
Key Information:
- Vendor
- HCL Software Software
- Status
- HCL Software Bigfix Platform
- Vendor
- CVE Published: 15 April 2025
Summary
HCL BigFix Web Reports is vulnerable to a Denial of Service (DoS) attack, caused by inadequate validation of an API parameter. This weakness may allow attackers to disrupt service availability, impacting the operation of the affected web reports. Organizations using this software should assess their systems and apply the necessary patches to mitigate the risk of exploitation.
Affected Version(s)
HCL BigFix Platform 10.0 - 10.0.12; 11.0.0 - 11.0.3
CVSS V4
Score: 5.6
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: High
Attack Required: None
Privileges Required: Undefined
User Interaction: Unknown
Timeline
Vulnerability published
Vulnerability Reserved