Improper Permissions in HCL BigFix Inventory Could Lead to Unauthorized Configuration Changes
CVE-2024-42194

Currently unrated

Key Information:

Vendor
CVE Published:
17 December 2024

Summary

CVE-2024-42194 arises from improper handling of insufficient permissions and privileges in HCL BigFix Inventory. An attacker who holds only a read-only account can send a specially crafted REST API call that may let them modify specific configuration parameters. Such unauthorized configuration changes could have significant implications for the security posture and operational integrity of affected systems.
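One way to look for this condition from the defender's side, as an added example that is not part of the original advisory or HCL's code: scan web access logs for state-changing HTTP methods sent by accounts that are supposed to be read-only. The log format, account names and URL paths below are constructed assumptions, not BigFix Inventory's real log layout or API routes.

```python
import re

# Constructed sample data: the accounts, paths and log layout are assumptions
# for illustration and do not come from the advisory or the product.
READ_ONLY_ACCOUNTS = {"auditor1", "report_viewer"}
WRITE_METHODS = {"POST", "PUT", "PATCH", "DELETE"}

# Assumed format: common log format with the authenticated user in field 3.
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})\b'
)

SAMPLE_LOG = """\
10.0.0.5 - auditor1 [17/Dec/2024:09:14:02 +0000] "GET /api/example/reports HTTP/1.1" 200 5120
10.0.0.9 - admin [17/Dec/2024:09:15:40 +0000] "PUT /api/example/config HTTP/1.1" 200 64
10.0.0.5 - auditor1 [17/Dec/2024:09:16:11 +0000] "PUT /api/example/config HTTP/1.1" 200 64
10.0.0.7 - report_viewer [17/Dec/2024:09:17:30 +0000] "POST /api/example/config HTTP/1.1" 403 31
service restarted by operator
10.0.0.5 - auditor1 [17/Dec/2024:09:18:05 +0000] "GET /api/example/config?fmt=json HTTP/1.1" 200 812
"""


def find_read_only_writes(log_text, read_only=READ_ONLY_ACCOUNTS):
    """Return (user, method, path, status, outcome) for each write-type
    request made by an account listed as read-only."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_LINE.match(line)
        if not m:
            continue  # not in the assumed format, skip rather than guess
        if m["user"] not in read_only or m["method"] not in WRITE_METHODS:
            continue
        status = int(m["status"])
        if 200 <= status < 300:
            outcome = "accepted"  # server applied a change it should have refused
        elif status in (401, 403):
            outcome = "denied"    # authorization held, but the attempt is worth review
        else:
            outcome = "other"
        findings.append((m["user"], m["method"], m["path"], status, outcome))
    return findings


if __name__ == "__main__":
    for finding in find_read_only_writes(SAMPLE_LOG):
        print(finding)
```

An "accepted" finding is the case the summary describes: a read-only account whose write request the server honoured.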


Timeline

  • Vulnerability published
