CVE-2024-23583: Insufficiently Protected Credentials in BigFix Platform

Severity: 6.7 MEDIUM (NVD)
EPSS: 0.1% (top 77.83%)
CISA KEV: Not in KEV
Exploit: No known exploits

Timeline
Published: May 17
Latest update: May 18

Description

An attacker could potentially intercept credentials via the task manager and perform unauthorized access to the Client Deploy Tool on Windows systems.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploitability: 0.8 | Impact: 5.9

Affected Packages (2 packages)

NVD: hcltech/bigfix_platform 9.5 9.5.25 +2
CVEListV5: hcl_software/bigfix_platform 9.5 - 9.5.24, 10 - 10.0.11, 11.0.1

Vulnerability Details (2)

GHSA (2024-05-18)
GHSA-6q9q-x3xj-g3m7: An attacker could potentially intercept credentials via the task manager and perform unauthorized access to the Client Deploy Tool on Windows systems

CVEList (2024-05-17)
HCL BigFix Platform is susceptible to insufficiently protected credentials