CVE-2022-42453 — Improper Authentication in Bigfix Platform

CWE-287 — Improper Authentication3 documents3 sources

Severity

6.5MEDIUMNVD

CNA6.9

EPSS

0.1%

top 71.74%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Hcltech Bigfix Platform HCL Software Bigfix Platform

Timeline

PublishedDec 19

Description

There are insufficient warnings when a Fixlet is imported by a user. The warning message currently assumes the owner of the script is the logged in user, with insufficient warnings when attempting to run the script.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶NVDhcltech/bigfix_platform9.5.0 — 9.5.21+1

▶CVEListV5hcl_software/bigfix_platform9.5 - 9.5.20, 10 - 10.0.7

🔴Vulnerability Details

GHSA

GHSA-3cf8-mgm4-6mvf: There are insufficient warnings when a Fixlet is imported by a user↗2022-12-19

▶

CVEList

HCL BigFix Platform is affected by insufficient warnings↗2022-12-17

▶