CVE-2022-38655 - OpenCVE

BigFix WebUI non-master operators are missing controls that prevent them from being able to modify the relevance of fixlets or to deploy fixlets from the BES Support external site.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact None

Integrity Impact Low

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Hcltech	Bigfix Webui

Configuration 1 [-]

cpe:2.3:a:hcltech:bigfix_webui:20:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0102140

History

No history.

MITRE

Status: PUBLISHED

Assigner: HCL

Published: 2022-12-20T04:51:01.413Z

Updated: 2024-08-03T11:02:14.043Z

Reserved: 2022-08-22T16:31:27.394Z

Link: CVE-2022-38655

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-12-21T17:15:09.430

Modified: 2023-11-07T03:50:10.607

Link: CVE-2022-38655

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-38655", "assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc", "state": "PUBLISHED", "assignerShortName": "HCL", "dateReserved": "2022-08-22T16:31:27.394Z", "datePublished": "2022-12-20T04:51:01.413Z", "dateUpdated": "2024-08-03T11:02:14.043Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "BigFix WebUI", "vendor": "HCL Software", "versions": [{"status": "affected", "version": "20"}]}], "datePublic": "2022-12-20T04:23:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">BigFix WebUI non-master operators are missing controls that prevent them from being able to modify the relevance of fixlets or to deploy fixlets from the BES Support external site. </span><br>"}], "value": "BigFix WebUI non-master operators are missing controls that prevent them from being able to modify the relevance of fixlets or to deploy fixlets from the BES Support external site. \n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "providerMetadata": {"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc", "shortName": "HCL", "dateUpdated": "2022-12-21T01:21:43.830108Z"}, "references": [{"url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0102140"}], "source": {"discovery": "UNKNOWN"}, "title": "HCL BigFix WebUI is affected by a missing-permission-check vulnerability", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T11:02:14.043Z"}, "title": "CVE Program Container", "references": [{"url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0102140", "tags": ["x_transferred"]}]}]}}