CVE-2022-38658
7.7
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:H
Summary
BigFix deployments that have installed the Notification Service on Windows are susceptible to disclosing SMTP BigFix operator's sensitive data in clear text. Operators who use Notification Service related content from BES Support are at risk of leaving their SMTP sensitive data exposed.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| HCL Software | BigFix Server Automation | <=3.2.1 | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.