CVE-2022-38658

HCL BigFix Server Automation (SA) is affected by a security vulnerability around Notification Service

CVSS 7.7 HIGHEPSS 0.3%CWE-311

Vexday Risk Score

21Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS 7.7EPSS 0.3%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

22 dic 2022Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

BigFix deployments that have installed the Notification Service on Windows are susceptible to disclosing SMTP BigFix operator's sensitive data in clear text. Operators who use Notification Service related content from BES Support are at risk of leaving their SMTP sensitive data exposed.

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:H

Productos afectados

HCL Software · BigFix Server Automation

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0102117