CVE-2024-30117Uncontrolled Search Path Element in Bigfix Platform

CWE-427Uncontrolled Search Path Element3 documents3 sources
Severity
5.3MEDIUMNVD
CNA2.5
EPSS
0.1%
top 77.39%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Hcltech Bigfix PlatformHCL Software Bigfix Platform
Timeline
PublishedOct 14
Latest updateOct 15

Description

A dynamic search for a prerequisite library could allow the possibility for an attacker to replace the correct file under some circumstances.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

NVDhcltech/bigfix_platform9.59.5.25+2
CVEListV5hcl_software/bigfix_platform9.5 - 9.5.24, 10.0 - 10.0.11, 11.0.0 - 11.0.2

🔴Vulnerability Details

2
GHSA
GHSA-fp78-wr5r-r3fr: A dynamic search for a prerequisite library could allow the possibility for an attacker to replace the correct file under some circumstances2024-10-15
CVEList
HCL BigFix Platform is affected by a DLL Hijack vulnerability2024-10-14
CVE-2024-30117 — Uncontrolled Search Path Element | cvebase