CVE-2024-42184

Summary

BigFix Patch Download Plug-ins are affected by insecure support for file URI scheme. It could allow a malicious operator to attempt to download files using the file:// URI scheme.

Affected Software

VendorProductVersion RangeStatus
HCL SoftwareBigFix Patch Management Download Plug-ins1177 and belowaffected

Weaknesses

  • CWE-84: CWE-84 Improper Neutralization of Encoded URI Schemes in a Web Page

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References