CVE-2022-38659: Inadequate Encryption Strength in Bigfix Platform

Severity
7.8 HIGH (NVD)
CNA: 6.0
EPSS
0.0% (top 94.53%)
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Dec 19

Description

In specific scenarios, on Windows the operator credentials may be encrypted in a manner that is not completely machine-dependent.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages (2 packages)

NVD: hcltech/bigfix_platform 9.5 - 9.5.20 +1
CVEListV5: hcl_software/bigfix_platform 9.5 - 9.5.20, 10 - 10.0.7

Vulnerability Details (2)

GHSA: GHSA-hp9j-r2qw-j3vw: In specific scenarios, on Windows the operator credentials may be encrypted in a manner that is not completely machine-dependent (2022-12-19)
CVEList: HCL BigFix Platform is affected by insecure credential storage (2022-12-17)