CVE-2024-42189Improper Validation of Specified Type of Input in Bigfix Platform

CWE-1287Improper Validation of Specified Type of Input3 documents3 sources
Severity
5.6MEDIUMNVD
EPSS
0.2%
top 53.60%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Hcltech Bigfix PlatformHCL Software HCL Bigfix Platform
Timeline
PublishedApr 15

Description

HCL BigFix Web Reports might be subject to a Denial of Service (DoS) attack, due to a potentially weak validation of an API parameter.

CVSS vector

CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Packages2 packages

NVDhcltech/bigfix_platform10.0.010.0.13+1
CVEListV5hcl_software/hcl_bigfix_platform10.0 - 10.0.12; 11.0.0 - 11.0.3

🔴Vulnerability Details

2
CVEList
HCL BigFix Web Reports might be subject to a Denial of Service (DoS) attack2025-04-15
GHSA
GHSA-37j4-mqr6-6m6x: HCL BigFix Web Reports might be subject to a Denial of Service (DoS) attack, due to a potentially weak validation of an API parameter2025-04-15
CVE-2024-42189 — Hcltech Bigfix Platform vulnerability | cvebase