CVE-2024-23551 MEDIUM

CVE-2024-23551: HCL BigFix Compliance is potentially affected by Oracle database credentials stored at endpoint

Vendor HCL Software
Product BigFix Compliance
Weakness CWE-522 · Insufficiently protected credentials
Published May 7, 2024
Last update August 1, 2024

CVSS base score

6.5/10
Attack vector Local
Attack complexity Low
Privileges required High
User interaction Required
Confidentiality High
Integrity High
Availability High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

What the vulnerability does

01 Description

Database scanning using username and password stores the credentials in plaintext or encoded format within files at the endpoint. This has been identified as a significant security risk: it exposes sensitive information to unauthorized access, potentially leading to severe consequences such as data breaches, unauthorized data manipulation, and compromised system integrity.

Key dates

02 Disclosure timeline

May 7, 2024 CVE published
August 1, 2024 Record updated