CVE-2024-42183

Summary

BigFix Patch Download Plug-ins are affected by an arbitrary file download vulnerability. It could allow a malicious operator to download files from arbitrary URLs without any proper validation or allowlist controls.

Affected Software

VendorProductVersion RangeStatus
HCL SoftwareBigFix Patch Management Download Plug-ins1177 and belowaffected

Weaknesses

  • CWE-494: CWE-494 Download of Code Without Integrity Check

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References