CVE-2022-42453 MEDIUM

CVE-2022-42453: HCL BigFix Platform is affected by insufficient warnings

Vendor Hcl Software
Product BigFix Platform
Published December 17, 2022
Last update April 17, 2025

CVSS base score

6.9/10
Attack vector Local
Attack complexity High
Privileges required High
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N

What the vulnerability does

01Description

There are insufficient warnings when a Fixlet is imported by a user. The warning message currently assumes the owner of the script is the logged in user, with insufficient warnings when attempting to run the script.

Key dates

02Disclosure timeline

December 17, 2022 CVE published
April 17, 2025 Record updated