cnvd - cnvd-2023-84329

CNVD-2023-84329

Vulnerability from cnvd - Published: 2023-11-09

Title

HCL Technologies BigFix Insights for Vulnerability Remediation (IVR)弱加密漏洞

Description

HCL Technologies BigFix Insights是美国HCL Technologies公司通过端点队列数据的提升视图、丰富的报告以及与现有商业智能工具的集成，加快风险识别和决策制定。 HCL Technologies BigFix Insights for Vulnerability Remediation (IVR)存在弱加密漏洞，该漏洞源于使用弱加密技术，导致凭证暴露。攻击者可利用该漏洞访问敏感信息或修改数据等。

Severity

中

Patch Name

HCL Technologies BigFix Insights for Vulnerability Remediation (IVR)弱加密漏洞的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0108005

Reference

https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0108005

Impacted products

Name
HCL Technologies BigFix Insights for Vulnerability Remediation (IVR) <2.0.3

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2022-44757",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2022-44757"
    }
  },
  "description": "HCL Technologies BigFix Insights\u662f\u7f8e\u56fdHCL Technologies\u516c\u53f8\u901a\u8fc7\u7aef\u70b9\u961f\u5217\u6570\u636e\u7684\u63d0\u5347\u89c6\u56fe\u3001\u4e30\u5bcc\u7684\u62a5\u544a\u4ee5\u53ca\u4e0e\u73b0\u6709\u5546\u4e1a\u667a\u80fd\u5de5\u5177\u7684\u96c6\u6210\uff0c\u52a0\u5feb\u98ce\u9669\u8bc6\u522b\u548c\u51b3\u7b56\u5236\u5b9a\u3002\n\nHCL Technologies BigFix Insights for Vulnerability Remediation (IVR)\u5b58\u5728\u5f31\u52a0\u5bc6\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u4f7f\u7528\u5f31\u52a0\u5bc6\u6280\u672f\uff0c\u5bfc\u81f4\u51ed\u8bc1\u66b4\u9732\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u8bbf\u95ee\u654f\u611f\u4fe1\u606f\u6216\u4fee\u6539\u6570\u636e\u7b49\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0108005",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2023-84329",
  "openTime": "2023-11-09",
  "patchDescription": "HCL Technologies BigFix Insights\u662f\u7f8e\u56fdHCL Technologies\u516c\u53f8\u901a\u8fc7\u7aef\u70b9\u961f\u5217\u6570\u636e\u7684\u63d0\u5347\u89c6\u56fe\u3001\u4e30\u5bcc\u7684\u62a5\u544a\u4ee5\u53ca\u4e0e\u73b0\u6709\u5546\u4e1a\u667a\u80fd\u5de5\u5177\u7684\u96c6\u6210\uff0c\u52a0\u5feb\u98ce\u9669\u8bc6\u522b\u548c\u51b3\u7b56\u5236\u5b9a\u3002\r\n\r\nHCL Technologies BigFix Insights for Vulnerability Remediation (IVR)\u5b58\u5728\u5f31\u52a0\u5bc6\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u4f7f\u7528\u5f31\u52a0\u5bc6\u6280\u672f\uff0c\u5bfc\u81f4\u51ed\u8bc1\u66b4\u9732\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u8bbf\u95ee\u654f\u611f\u4fe1\u606f\u6216\u4fee\u6539\u6570\u636e\u7b49\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "HCL Technologies BigFix Insights for Vulnerability Remediation (IVR)\u5f31\u52a0\u5bc6\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "HCL Technologies BigFix Insights for Vulnerability Remediation (IVR) \u003c2.0.3"
  },
  "referenceLink": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0108005",
  "serverity": "\u4e2d",
  "submitTime": "2023-10-13",
  "title": "HCL Technologies BigFix Insights for Vulnerability Remediation (IVR)\u5f31\u52a0\u5bc6\u6f0f\u6d1e"
}

CVE-2022-44757 (GCVE-0-2022-44757)

Vulnerability from cvelistv5 – Published: 2023-10-11 06:13 – Updated: 2024-09-18 18:09

Title

HCL BigFix Insights for Vulnerability Remediation (IVR) is vulnerable to weak cryptography

Summary

BigFix Insights for Vulnerability Remediation (IVR) uses weak cryptography that can lead to credential exposure. An attacker could gain access to sensitive information, modify data in unexpected ways, etc.

Severity ?

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Assigner

HCL

References

URL

Tags

https://support.hcltechsw.com/csm?id=kb_article&s…

Impacted products

	Vendor	Product	Version
	HCL Software	BigFix Insights for Vulnerability Remediation	Affected: <=2.0.2

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T14:01:31.109Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0108005"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-44757",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-18T18:09:32.817707Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-18T18:09:57.783Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "BigFix Insights for Vulnerability Remediation",
          "vendor": "HCL Software",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c=2.0.2"
            }
          ]
        }
      ],
      "datePublic": "2023-10-10T21:36:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eBigFix Insights for Vulnerability Remediation (IVR) uses weak cryptography that can lead to credential exposure.  An attacker could gain access to sensitive information, modify data in unexpected ways, etc.\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "BigFix Insights for Vulnerability Remediation (IVR) uses weak cryptography that can lead to credential exposure.  An attacker could gain access to sensitive information, modify data in unexpected ways, etc.\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-10-11T06:13:27.405Z",
        "orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
        "shortName": "HCL"
      },
      "references": [
        {
          "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0108005"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "HCL BigFix Insights for Vulnerability Remediation (IVR) is vulnerable to weak cryptography",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
    "assignerShortName": "HCL",
    "cveId": "CVE-2022-44757",
    "datePublished": "2023-10-11T06:13:27.405Z",
    "dateReserved": "2022-11-04T21:08:23.515Z",
    "dateUpdated": "2024-09-18T18:09:57.783Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2023-84329

CVE-2022-44757 (GCVE-0-2022-44757)

Tags

Sightings

Nomenclature