Search criteria
4 vulnerabilities found for HCL BigFix by HCL Software
CVE-2022-27545 (GCVE-0-2022-27545)
Vulnerability from nvd – Published: 2022-07-19 15:40 – Updated: 2024-09-16 17:03
VLAI
Title
HCL BigFix Web Reports authorized users may perform HTML injection.
Summary
BigFix Web Reports authorized users may perform HTML injection for the email administrative configuration page.
Severity
4.6 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://support.hcltechsw.com/csm?id=kb_article&s… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| HCL Software | HCL BigFix |
Affected:
9.5, 10.0
|
Date Public
2022-07-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:32:58.650Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0098998"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HCL BigFix",
"vendor": "HCL Software",
"versions": [
{
"status": "affected",
"version": "9.5, 10.0"
}
]
}
],
"datePublic": "2022-07-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "BigFix Web Reports authorized users may perform HTML injection for the email administrative configuration page."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-19T15:40:17.000Z",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0098998"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "HCL BigFix Web Reports authorized users may perform HTML injection.",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@hcl.com",
"DATE_PUBLIC": "2022-07-18T12:36:00.000Z",
"ID": "CVE-2022-27545",
"STATE": "PUBLIC",
"TITLE": "HCL BigFix Web Reports authorized users may perform HTML injection."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HCL BigFix",
"version": {
"version_data": [
{
"version_value": "9.5, 10.0"
}
]
}
}
]
},
"vendor_name": "HCL Software"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "BigFix Web Reports authorized users may perform HTML injection for the email administrative configuration page."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0098998",
"refsource": "MISC",
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0098998"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2022-27545",
"datePublished": "2022-07-19T15:40:18.074Z",
"dateReserved": "2022-03-21T00:00:00.000Z",
"dateUpdated": "2024-09-16T17:03:59.379Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-27544 (GCVE-0-2022-27544)
Vulnerability from nvd – Published: 2022-07-19 15:40 – Updated: 2024-09-16 23:36
VLAI
Title
HCL BigFix Web Reports authorized users may see sensitive information in clear text
Summary
BigFix Web Reports authorized users may see SMTP credentials in clear text.
Severity
5 (Medium)
CWE
- CWE-522 - Insufficiently Protected Credentials
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://support.hcltechsw.com/csm?id=kb_article&s… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| HCL Software | HCL BigFix |
Affected:
9.5, 10.0
|
Date Public
2022-07-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:32:59.218Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0098998"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HCL BigFix",
"vendor": "HCL Software",
"versions": [
{
"status": "affected",
"version": "9.5, 10.0"
}
]
}
],
"datePublic": "2022-07-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "BigFix Web Reports authorized users may see SMTP credentials in clear text."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "CWE-522 Insufficiently Protected Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-19T15:40:12.000Z",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0098998"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "HCL BigFix Web Reports authorized users may see sensitive information in clear text",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@hcl.com",
"DATE_PUBLIC": "2022-07-18T12:16:00.000Z",
"ID": "CVE-2022-27544",
"STATE": "PUBLIC",
"TITLE": "HCL BigFix Web Reports authorized users may see sensitive information in clear text"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HCL BigFix",
"version": {
"version_data": [
{
"version_value": "9.5, 10.0"
}
]
}
}
]
},
"vendor_name": "HCL Software"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "BigFix Web Reports authorized users may see SMTP credentials in clear text."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-522 Insufficiently Protected Credentials"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0098998",
"refsource": "MISC",
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0098998"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2022-27544",
"datePublished": "2022-07-19T15:40:13.044Z",
"dateReserved": "2022-03-21T00:00:00.000Z",
"dateUpdated": "2024-09-16T23:36:54.027Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-27545 (GCVE-0-2022-27545)
Vulnerability from cvelistv5 – Published: 2022-07-19 15:40 – Updated: 2024-09-16 17:03
VLAI
Title
HCL BigFix Web Reports authorized users may perform HTML injection.
Summary
BigFix Web Reports authorized users may perform HTML injection for the email administrative configuration page.
Severity
4.6 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://support.hcltechsw.com/csm?id=kb_article&s… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| HCL Software | HCL BigFix |
Affected:
9.5, 10.0
|
Date Public
2022-07-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:32:58.650Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0098998"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HCL BigFix",
"vendor": "HCL Software",
"versions": [
{
"status": "affected",
"version": "9.5, 10.0"
}
]
}
],
"datePublic": "2022-07-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "BigFix Web Reports authorized users may perform HTML injection for the email administrative configuration page."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-19T15:40:17.000Z",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0098998"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "HCL BigFix Web Reports authorized users may perform HTML injection.",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@hcl.com",
"DATE_PUBLIC": "2022-07-18T12:36:00.000Z",
"ID": "CVE-2022-27545",
"STATE": "PUBLIC",
"TITLE": "HCL BigFix Web Reports authorized users may perform HTML injection."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HCL BigFix",
"version": {
"version_data": [
{
"version_value": "9.5, 10.0"
}
]
}
}
]
},
"vendor_name": "HCL Software"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "BigFix Web Reports authorized users may perform HTML injection for the email administrative configuration page."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0098998",
"refsource": "MISC",
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0098998"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2022-27545",
"datePublished": "2022-07-19T15:40:18.074Z",
"dateReserved": "2022-03-21T00:00:00.000Z",
"dateUpdated": "2024-09-16T17:03:59.379Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-27544 (GCVE-0-2022-27544)
Vulnerability from cvelistv5 – Published: 2022-07-19 15:40 – Updated: 2024-09-16 23:36
VLAI
Title
HCL BigFix Web Reports authorized users may see sensitive information in clear text
Summary
BigFix Web Reports authorized users may see SMTP credentials in clear text.
Severity
5 (Medium)
CWE
- CWE-522 - Insufficiently Protected Credentials
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://support.hcltechsw.com/csm?id=kb_article&s… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| HCL Software | HCL BigFix |
Affected:
9.5, 10.0
|
Date Public
2022-07-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:32:59.218Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0098998"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HCL BigFix",
"vendor": "HCL Software",
"versions": [
{
"status": "affected",
"version": "9.5, 10.0"
}
]
}
],
"datePublic": "2022-07-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "BigFix Web Reports authorized users may see SMTP credentials in clear text."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "CWE-522 Insufficiently Protected Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-19T15:40:12.000Z",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0098998"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "HCL BigFix Web Reports authorized users may see sensitive information in clear text",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@hcl.com",
"DATE_PUBLIC": "2022-07-18T12:16:00.000Z",
"ID": "CVE-2022-27544",
"STATE": "PUBLIC",
"TITLE": "HCL BigFix Web Reports authorized users may see sensitive information in clear text"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HCL BigFix",
"version": {
"version_data": [
{
"version_value": "9.5, 10.0"
}
]
}
}
]
},
"vendor_name": "HCL Software"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "BigFix Web Reports authorized users may see SMTP credentials in clear text."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-522 Insufficiently Protected Credentials"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0098998",
"refsource": "MISC",
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0098998"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2022-27544",
"datePublished": "2022-07-19T15:40:13.044Z",
"dateReserved": "2022-03-21T00:00:00.000Z",
"dateUpdated": "2024-09-16T23:36:54.027Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}