6.5
CVE-2024-23551
- EPSS 0.05%
- Veröffentlicht 07.05.2024 22:15:07
- Zuletzt bearbeitet 21.11.2024 08:57:55
- Quelle psirt@hcl.com
- Teams Watchlist Login
- Unerledigt Login
Database scanning using username and password stores the credentials in plaintext or encoded format within files at the endpoint. This has been identified as a significant security risk. This will lead to exposure of sensitive information for unauthorized access, potentially leading to severe consequences such as data breaches, unauthorized data manipulation, and compromised system integrity.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. Login
Daten sind bereitgestellt durch das CVE Programm von Authorized Data Publishers (ADP) (Unstrukturiert)
Herstellerhcltech
≫
Produkt
bigfix_compliance
Default Statusunknown
Version <=
9.5.25.11
Version
9.0.835.0
Status
affected
Version <=
10.0.5.0
Version
10.0.0.133
Status
affected
Version <=
11.0.2.125
Version
11.0.0.175
Status
affected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.05% | 0.148 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| psirt@hcl.com | 6.5 | 0.6 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
|
CWE-522 Insufficiently Protected Credentials
The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.