CVE-2024-42186 LOW

CVE-2024-42186: HCL BigFix Patch Download Plug-ins are affected by an insecure protocol support

Vendor Hcl Software
Product BigFix Patch Management Download Plug-ins
Weakness CWE-295
Published January 23, 2025
Last update January 23, 2025

CVSS base score

2.8/10
Attack vector Local
Attack complexity High
Privileges required Low
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N

What the vulnerability does

01Description

BigFix Patch Download Plug-ins are affected by an insecure protocol support. The application can allow improper handling of SSL certificates validation.

Key dates

02Disclosure timeline

January 23, 2025 CVE published
January 23, 2025 Record updated