CVE-2022-38658

HCL BigFix Server Automation (SA) is affected by a security vulnerability around Notification Service

CVSS 7.7 HIGHEPSS 0.3%CWE-311

Vexday Risk Score

21Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 7.7EPSS 0.3%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

22 dez 2022Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

BigFix deployments that have installed the Notification Service on Windows are susceptible to disclosing SMTP BigFix operator's sensitive data in clear text. Operators who use Notification Service related content from BES Support are at risk of leaving their SMTP sensitive data exposed.

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:H

Produtos afetados

HCL Software · BigFix Server Automation

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0102117