CVE-2022-38658 HIGH

CVE-2022-38658: HCL BigFix Server Automation (SA) is affected by a security vulnerability around Notification Service

Vendor HCL Software
Product BigFix Server Automation
Published December 22, 2022
Last update April 15, 2025

CVSS base score

7.7/10
Attack vector Network
Attack complexity High
Privileges required High
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:H

What the vulnerability does

01 Description

BigFix deployments that have installed the Notification Service on Windows are susceptible to disclosing a BigFix operator's sensitive SMTP data in clear text. Operators who use Notification Service-related content from BES Support are at risk of leaving their sensitive SMTP data exposed.

Key dates

02 Disclosure timeline

December 22, 2022 CVE published
April 15, 2025 Record updated