CVE-2024-42193 LOW

CVE-2024-42193: HCL BigFix Web Reports is susceptible to a Man-In-The-Middle (MITM) attack

Vendor HCL Software
Product HCL BigFix Platform
Weakness CWE-295
Published April 15, 2025
Last update April 15, 2025

CVSS base score

2.1/10
Attack vector Network
Attack complexity High
Privileges required High
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L

What the vulnerability does

01 Description

The HCL BigFix Web Reports service communicates over HTTPS but has a weakness in how it handles SSL certificate validation. This weakness makes man-in-the-middle (MITM) attacks and data exposure possible; if exploited, the vulnerability could potentially lead to unauthorized access.

Key dates

02 Disclosure timeline

April 15, 2025 CVE published
April 15, 2025 Record updated