CVE-2024-23551

EPSS 0.05%
Published 07.05.2024 22:15:07
Last modified 21.11.2024 08:57:55
Source psirt@hcl.com
Teams watchlist Login
Open Login

Database scanning using username and password stores the credentials in plaintext or encoded format within files at the endpoint. This has been identified as a significant security risk. This will lead to exposure of sensitive information for unauthorized access, potentially leading to severe consequences such as data breaches, unauthorized data manipulation, and compromised system integrity.

Affected products Warnungen 0 Metrics 2 CWE 1 References 4

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Daten sind bereitgestellt durch das CVE Programm von Authorized Data Publishers (ADP) (Unstrukturiert)

Vendorhcltech

≫

Product bigfix_compliance

Default Statusunknown

Version <= 9.5.25.11

Version 9.0.835.0

Status affected

Version <= 10.0.5.0

Version 10.0.0.133

Status affected

Version <= 11.0.2.125

Version 11.0.0.175

Status affected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.05%	0.148

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
psirt@hcl.com	6.5	0.6	5.9	CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

CWE-522 Insufficiently Protected Credentials

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0112963

https://nvd.nist.gov/vuln/detail/CVE-2024-23551

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-23551

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-23551

EUVD