6.5

CVE-2024-23551

HCL BigFix Compliance is potentially affected by Oracle database credentials stored at endpoint

Database scanning using username and password stores the credentials in plaintext or encoded format within files at the endpoint. This has been identified as a significant security risk. This will lead to exposure of sensitive information for unauthorized access, potentially leading to severe consequences such as data breaches, unauthorized data manipulation, and compromised system integrity.
Data is provided by the CVE Program from Authorized Data Publishers (ADP) (unstructured)
Vendor hcltech
Product bigfix_compliance
Default status unknown
Version <= 9.5.25.11
Version 9.0.835.0
Status affected
Version <= 10.0.5.0
Version 10.0.0.133
Status affected
Version <= 11.0.2.125
Version 11.0.0.175
Status affected
No warning was found for this CVE.
EPSS Metrics
Type | Source | Score | Percentile
EPSS | FIRST.org | 0.05% | 0.149
CVSS Metrics
Source | Base Score | Exploit Score | Impact Score | Vector String
psirt@hcl.com | 6.5 | 0.6 | 5.9 | CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
CWE-522 Insufficiently Protected Credentials

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.