CVE-2022-38659 - OpenCVE

In specific scenarios, on Windows the operator credentials may be encrypted in a manner that is not completely machine-dependent.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Hcltech	Bigfix Platform
Microsoft	Windows

Configuration 1 [-]

AND

OR	cpe:2.3:a:hcltech:bigfix_platform::::::::
	cpe:2.3:a:hcltech:bigfix_platform::::::::

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0102049

History

No history.

MITRE

Status: PUBLISHED

Assigner: HCL

Published: 2022-12-17T18:44:57.327Z

Updated: 2024-08-03T11:02:14.349Z

Reserved: 2022-08-22T16:31:27.395Z

Link: CVE-2022-38659

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-12-19T11:15:10.330

Modified: 2023-11-07T03:50:11.073

Link: CVE-2022-38659

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-38659", "assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc", "state": "PUBLISHED", "assignerShortName": "HCL", "requesterUserId": "520cc88b-a1c8-44f6-9154-21a4d74c769f", "dateReserved": "2022-08-22T16:31:27.395Z", "datePublished": "2022-12-17T18:44:57.327Z", "dateUpdated": "2024-08-03T11:02:14.349Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "BigFix Platform", "vendor": "HCL Software", "versions": [{"status": "affected", "version": "9.5 - 9.5.20, 10 - 10.0.7"}]}], "datePublic": "2022-12-16T16:01:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">In specific scenarios, on Windows the operator credentials may be encrypted in a manner that is not completely machine-dependent.</span><br>"}], "value": "In specific scenarios, on Windows the operator credentials may be encrypted in a manner that is not completely machine-dependent.\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "providerMetadata": {"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc", "shortName": "HCL", "dateUpdated": "2022-12-19T10:00:14.221629Z"}, "references": [{"url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0102049"}], "source": {"discovery": "UNKNOWN"}, "title": "HCL BigFix Platform is affected by insecure credential storage", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T11:02:14.349Z"}, "title": "CVE Program Container", "references": [{"url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0102049", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hcltech:bigfix_platform:*:*:*:*:*:*:*:*", "matchCriteriaId": "96D19E40-5196-4821-8555-80692A683339", "versionEndIncluding": "9.5.20", "versionStartIncluding": "9.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:hcltech:bigfix_platform:*:*:*:*:*:*:*:*", "matchCriteriaId": "CDB6B85F-BC62-4B39-830F-B443A0EC0BA2", "versionEndIncluding": "10.0.7", "versionStartIncluding": "10", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In specific scenarios, on Windows the operator credentials may be encrypted in a manner that is not completely machine-dependent.\n"}, {"lang": "es", "value": "En escenarios espec\u00edficos, en Windows las credenciales del operador pueden cifrarse de una manera que no dependa completamente de la m\u00e1quina."}], "id": "CVE-2022-38659", "lastModified": "2023-11-07T03:50:11.073", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 5.2, "source": "psirt@hcl.com", "type": "Secondary"}]}, "published": "2022-12-19T11:15:10.330", "references": [{"source": "psirt@hcl.com", "tags": ["Vendor Advisory"], "url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0102049"}], "sourceIdentifier": "psirt@hcl.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-326"}], "source": "nvd@nist.gov", "type": "Primary"}]}