CVE-2024-42194

Summary

An improper handling of insufficient permissions or privileges affects HCL BigFix Inventory. An attacker having access via a read-only account can possibly change certain configuration parameters by crafting a specific REST API call.

Affected Software

VendorProductVersion RangeStatus
HCL SoftwareBigFix Inventoryv9.x, v10.x, v11.0.0.0, v11.0.1.0affected

Weaknesses

  • CWE-280: CWE-280 Improper Handling of Insufficient Permissions or Privileges

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References