CVE-2024-42185 LOW

CVE-2024-42185: HCL BigFix Patch Download Plug-ins are affected by an insecure package which is susceptible to XML injection attacks

Vendor Hcl Software
Product BigFix Patch Management Download Plug-ins
Weakness CWE-611 · XXE
Published January 23, 2025
Last update January 23, 2025

CVSS base score

2.5/10
Attack vector Local
Attack complexity High
Privileges required Low
User interaction Required
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:N/A:N

What the vulnerability does

01Description

BigFix Patch Download Plug-ins are affected by an insecure package which is susceptible to XML injection attacks. This allows an attacker to exploit this vulnerability by injecting malicious XML content, which can lead to various issues including denial of service and unauthorized access.

Key dates

02Disclosure timeline

January 23, 2025 CVE published
January 23, 2025 Record updated