{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-23551", "assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc", "state": "PUBLISHED", "assignerShortName": "HCL", "dateReserved": "2024-01-18T07:29:53.325Z", "datePublished": "2024-05-07T21:46:54.285Z", "dateUpdated": "2024-08-01T23:06:25.195Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "BigFix Compliance", "vendor": "HCL Software", "versions": [{"status": "affected", "version": "v9.x, v10.x, v11.x"}]}], "datePublic": "2024-05-07T21:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Database scanning using username and password stores the credentials in plaintext or encoded format within files at the endpoint. This has been identified as a significant security risk. This will lead to exposure of sensitive information for unauthorized access, potentially leading to severe consequences such as data breaches, unauthorized data manipulation, and compromised system integrity."}], "value": "Database scanning using username and password stores the credentials in\u00a0plaintext or encoded format within files at the endpoint. This has been identified as a significant\u00a0security risk. This will lead to exposure of sensitive information for unauthorized access,\u00a0potentially leading to severe consequences such as data breaches, unauthorized data\u00a0manipulation, and compromised system integrity."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-522", "description": "CWE-522 Insufficiently Protected Credentials", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc", "shortName": "HCL", "dateUpdated": "2024-05-07T21:46:54.285Z"}, "references": [{"url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0112963"}], "source": {"discovery": "UNKNOWN"}, "title": "HCL BigFix Compliance is potentially affected by Oracle database credentials stored at endpoint", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"affected": [{"vendor": "hcltech", "product": "bigfix_compliance", "cpes": ["cpe:2.3:a:hcltech:bigfix_compliance:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "9.0.835.0", "status": "affected", "lessThanOrEqual": "9.5.25.11", "versionType": "custom"}, {"version": "10.0.0.133", "status": "affected", "lessThanOrEqual": "10.0.5.0", "versionType": "custom"}, {"version": "11.0.0.175", "status": "affected", "lessThanOrEqual": "11.0.2.125", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-19T13:14:36.472135Z", "id": "CVE-2024-23551", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-31T13:52:12.348Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T23:06:25.195Z"}, "title": "CVE Program Container", "references": [{"url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0112963", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0112963", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T23:06:25.195Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-23551", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-07-19T13:14:36.472135Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:hcltech:bigfix_compliance:*:*:*:*:*:*:*:*"], "vendor": "hcltech", "product": "bigfix_compliance", "versions": [{"status": "affected", "version": "9.0.835.0", "versionType": "custom", "lessThanOrEqual": "9.5.25.11"}, {"status": "affected", "version": "10.0.0.133", "versionType": "custom", "lessThanOrEqual": "10.0.5.0"}, {"status": "affected", "version": "11.0.0.175", "versionType": "custom", "lessThanOrEqual": "11.0.2.125"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-31T13:52:05.738Z"}}], "cna": {"title": "HCL BigFix Compliance is potentially affected by Oracle database credentials stored at endpoint", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "HCL Software", "product": "BigFix Compliance", "versions": [{"status": "affected", "version": "v9.x, v10.x, v11.x"}], "defaultStatus": "unaffected"}], "datePublic": "2024-05-07T21:00:00.000Z", "references": [{"url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0112963"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Database scanning using username and password stores the credentials in\u00a0plaintext or encoded format within files at the endpoint. This has been identified as a significant\u00a0security risk. This will lead to exposure of sensitive information for unauthorized access,\u00a0potentially leading to severe consequences such as data breaches, unauthorized data\u00a0manipulation, and compromised system integrity.", "supportingMedia": [{"type": "text/html", "value": "Database scanning using username and password stores the credentials in plaintext or encoded format within files at the endpoint. This has been identified as a significant security risk. This will lead to exposure of sensitive information for unauthorized access, potentially leading to severe consequences such as data breaches, unauthorized data manipulation, and compromised system integrity.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-522", "description": "CWE-522 Insufficiently Protected Credentials"}]}], "providerMetadata": {"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc", "shortName": "HCL", "dateUpdated": "2024-05-07T21:46:54.285Z"}}}, "cveMetadata": {"cveId": "CVE-2024-23551", "state": "PUBLISHED", "dateUpdated": "2024-08-01T23:06:25.195Z", "dateReserved": "2024-01-18T07:29:53.325Z", "assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc", "datePublished": "2024-05-07T21:46:54.285Z", "assignerShortName": "HCL"}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "Database scanning using username and password stores the credentials in\u00a0plaintext or encoded format within files at the endpoint. This has been identified as a significant\u00a0security risk. This will lead to exposure of sensitive information for unauthorized access,\u00a0potentially leading to severe consequences such as data breaches, unauthorized data\u00a0manipulation, and compromised system integrity."}, {"lang": "es", "value": "El escaneo de la base de datos mediante nombre de usuario y contrase\u00f1a almacena las credenciales en texto sin formato o en formato codificado dentro de archivos en el endpoint. Esto ha sido identificado como un riesgo de seguridad importante. Esto dar\u00e1 lugar a la exposici\u00f3n de informaci\u00f3n confidencial para acceso no autorizado, lo que podr\u00eda tener consecuencias graves, como violaciones de datos, manipulaci\u00f3n de datos no autorizada y compromiso de la integridad del sistema."}], "id": "CVE-2024-23551", "lastModified": "2024-11-21T08:57:55.557", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.6, "impactScore": 5.9, "source": "psirt@hcl.com", "type": "Secondary"}]}, "published": "2024-05-07T22:15:07.560", "references": [{"source": "psirt@hcl.com", "url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0112963"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0112963"}], "sourceIdentifier": "psirt@hcl.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-522"}], "source": "psirt@hcl.com", "type": "Secondary"}]}

{}

{}