CVE-2024-42182 LOW

CVE-2024-42182: HCL BigFix Patch Download Plug-ins are affected by Server-Side Request Forgery (SSRF) vulnerability

Vendor Hcl Software
Product BigFix Patch Management Download Plug-ins
Weakness CWE-918 · SSRF
Published January 23, 2025
Last update January 23, 2025

CVSS base score

2.5/10
Attack vector Local
Attack complexity High
Privileges required Low
User interaction Required
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:N/A:N

What the vulnerability does

01Description

BigFix Patch Download Plug-ins are affected by Server-Side Request Forgery (SSRF) vulnerability. It may allow the application to download files from an internally hosted server on localhost.

Key dates

02Disclosure timeline

January 23, 2025 CVE published
January 23, 2025 Record updated