cvelistv5 - cve-2022-44757

CVE-2022-44757 (GCVE-0-2022-44757)

Vulnerability from cvelistv5 – Published: 2023-10-11 06:13 – Updated: 2024-09-18 18:09

Summary

BigFix Insights for Vulnerability Remediation (IVR) uses weak cryptography that can lead to credential exposure. An attacker could gain access to sensitive information, modify data in unexpected ways, etc.

Severity ?

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Assigner

HCL

References

URL

Tags

https://support.hcltechsw.com/csm?id=kb_article&s…

Impacted products

	Vendor	Product	Version
	HCL Software	BigFix Insights for Vulnerability Remediation	Affected: <=2.0.2

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T14:01:31.109Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0108005"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-44757",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-18T18:09:32.817707Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-18T18:09:57.783Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "BigFix Insights for Vulnerability Remediation",
          "vendor": "HCL Software",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c=2.0.2"
            }
          ]
        }
      ],
      "datePublic": "2023-10-10T21:36:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eBigFix Insights for Vulnerability Remediation (IVR) uses weak cryptography that can lead to credential exposure.  An attacker could gain access to sensitive information, modify data in unexpected ways, etc.\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "BigFix Insights for Vulnerability Remediation (IVR) uses weak cryptography that can lead to credential exposure.  An attacker could gain access to sensitive information, modify data in unexpected ways, etc.\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-10-11T06:13:27.405Z",
        "orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
        "shortName": "HCL"
      },
      "references": [
        {
          "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0108005"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "HCL BigFix Insights for Vulnerability Remediation (IVR) is vulnerable to weak cryptography",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
    "assignerShortName": "HCL",
    "cveId": "CVE-2022-44757",
    "datePublished": "2023-10-11T06:13:27.405Z",
    "dateReserved": "2022-11-04T21:08:23.515Z",
    "dateUpdated": "2024-09-18T18:09:57.783Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:hcltech:bigfix_insights_for_vulnerability_remediation:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2.0.3\", \"matchCriteriaId\": \"2F53F59E-AF8B-4EEA-AB79-E6B1DD6EEFBF\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"BigFix Insights for Vulnerability Remediation (IVR) uses weak cryptography that can lead to credential exposure.  An attacker could gain access to sensitive information, modify data in unexpected ways, etc.\\n\"}, {\"lang\": \"es\", \"value\": \"BigFix Insights for Vulnerability Remediation (IVR) utiliza criptograf\\u00eda d\\u00e9bil que puede provocar la exposici\\u00f3n de las credenciales. Un atacante podr\\u00eda obtener acceso a informaci\\u00f3n confidencial, modificar datos de formas inesperadas, etc.\"}]",
      "id": "CVE-2022-44757",
      "lastModified": "2024-11-21T07:28:26.430",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"psirt@hcl.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N\", \"baseScore\": 6.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 2.5}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N\", \"baseScore\": 8.2, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 4.2}]}",
      "published": "2023-10-11T07:15:09.237",
      "references": "[{\"url\": \"https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0108005\", \"source\": \"psirt@hcl.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0108005\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "psirt@hcl.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-522\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-44757\",\"sourceIdentifier\":\"psirt@hcl.com\",\"published\":\"2023-10-11T07:15:09.237\",\"lastModified\":\"2024-11-21T07:28:26.430\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"BigFix Insights for Vulnerability Remediation (IVR) uses weak cryptography that can lead to credential exposure.  An attacker could gain access to sensitive information, modify data in unexpected ways, etc.\\n\"},{\"lang\":\"es\",\"value\":\"BigFix Insights for Vulnerability Remediation (IVR) utiliza criptograf\u00eda d\u00e9bil que puede provocar la exposici\u00f3n de las credenciales. Un atacante podr\u00eda obtener acceso a informaci\u00f3n confidencial, modificar datos de formas inesperadas, etc.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@hcl.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":2.5},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N\",\"baseScore\":8.2,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":4.2}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-522\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hcltech:bigfix_insights_for_vulnerability_remediation:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.0.3\",\"matchCriteriaId\":\"2F53F59E-AF8B-4EEA-AB79-E6B1DD6EEFBF\"}]}]}],\"references\":[{\"url\":\"https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0108005\",\"source\":\"psirt@hcl.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0108005\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0108005\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T14:01:31.109Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-44757\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-09-18T18:09:32.817707Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-09-18T18:09:53.368Z\"}}], \"cna\": {\"title\": \"HCL BigFix Insights for Vulnerability Remediation (IVR) is vulnerable to weak cryptography\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 6.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"LOW\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"HCL Software\", \"product\": \"BigFix Insights for Vulnerability Remediation\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c=2.0.2\"}], \"defaultStatus\": \"unaffected\"}], \"datePublic\": \"2023-10-10T21:36:00.000Z\", \"references\": [{\"url\": \"https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0108005\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"BigFix Insights for Vulnerability Remediation (IVR) uses weak cryptography that can lead to credential exposure.  An attacker could gain access to sensitive information, modify data in unexpected ways, etc.\\n\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eBigFix Insights for Vulnerability Remediation (IVR) uses weak cryptography that can lead to credential exposure.  An attacker could gain access to sensitive information, modify data in unexpected ways, etc.\u003c/span\u003e\u003cbr\u003e\", \"base64\": false}]}], \"providerMetadata\": {\"orgId\": \"1e47fe04-f25f-42fa-b674-36de2c5e3cfc\", \"shortName\": \"HCL\", \"dateUpdated\": \"2023-10-11T06:13:27.405Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2022-44757\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-09-18T18:09:57.783Z\", \"dateReserved\": \"2022-11-04T21:08:23.515Z\", \"assignerOrgId\": \"1e47fe04-f25f-42fa-b674-36de2c5e3cfc\", \"datePublished\": \"2023-10-11T06:13:27.405Z\", \"assignerShortName\": \"HCL\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

CNVD-2023-84329

Vulnerability from cnvd - Published: 2023-11-09

Title

HCL Technologies BigFix Insights for Vulnerability Remediation (IVR)弱加密漏洞

Description

HCL Technologies BigFix Insights是美国HCL Technologies公司通过端点队列数据的提升视图、丰富的报告以及与现有商业智能工具的集成，加快风险识别和决策制定。 HCL Technologies BigFix Insights for Vulnerability Remediation (IVR)存在弱加密漏洞，该漏洞源于使用弱加密技术，导致凭证暴露。攻击者可利用该漏洞访问敏感信息或修改数据等。

Severity

中

Patch Name

HCL Technologies BigFix Insights for Vulnerability Remediation (IVR)弱加密漏洞的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0108005

Reference

https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0108005

Impacted products

Name
HCL Technologies BigFix Insights for Vulnerability Remediation (IVR) <2.0.3

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2022-44757",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2022-44757"
    }
  },
  "description": "HCL Technologies BigFix Insights\u662f\u7f8e\u56fdHCL Technologies\u516c\u53f8\u901a\u8fc7\u7aef\u70b9\u961f\u5217\u6570\u636e\u7684\u63d0\u5347\u89c6\u56fe\u3001\u4e30\u5bcc\u7684\u62a5\u544a\u4ee5\u53ca\u4e0e\u73b0\u6709\u5546\u4e1a\u667a\u80fd\u5de5\u5177\u7684\u96c6\u6210\uff0c\u52a0\u5feb\u98ce\u9669\u8bc6\u522b\u548c\u51b3\u7b56\u5236\u5b9a\u3002\n\nHCL Technologies BigFix Insights for Vulnerability Remediation (IVR)\u5b58\u5728\u5f31\u52a0\u5bc6\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u4f7f\u7528\u5f31\u52a0\u5bc6\u6280\u672f\uff0c\u5bfc\u81f4\u51ed\u8bc1\u66b4\u9732\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u8bbf\u95ee\u654f\u611f\u4fe1\u606f\u6216\u4fee\u6539\u6570\u636e\u7b49\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0108005",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2023-84329",
  "openTime": "2023-11-09",
  "patchDescription": "HCL Technologies BigFix Insights\u662f\u7f8e\u56fdHCL Technologies\u516c\u53f8\u901a\u8fc7\u7aef\u70b9\u961f\u5217\u6570\u636e\u7684\u63d0\u5347\u89c6\u56fe\u3001\u4e30\u5bcc\u7684\u62a5\u544a\u4ee5\u53ca\u4e0e\u73b0\u6709\u5546\u4e1a\u667a\u80fd\u5de5\u5177\u7684\u96c6\u6210\uff0c\u52a0\u5feb\u98ce\u9669\u8bc6\u522b\u548c\u51b3\u7b56\u5236\u5b9a\u3002\r\n\r\nHCL Technologies BigFix Insights for Vulnerability Remediation (IVR)\u5b58\u5728\u5f31\u52a0\u5bc6\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u4f7f\u7528\u5f31\u52a0\u5bc6\u6280\u672f\uff0c\u5bfc\u81f4\u51ed\u8bc1\u66b4\u9732\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u8bbf\u95ee\u654f\u611f\u4fe1\u606f\u6216\u4fee\u6539\u6570\u636e\u7b49\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "HCL Technologies BigFix Insights for Vulnerability Remediation (IVR)\u5f31\u52a0\u5bc6\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "HCL Technologies BigFix Insights for Vulnerability Remediation (IVR) \u003c2.0.3"
  },
  "referenceLink": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0108005",
  "serverity": "\u4e2d",
  "submitTime": "2023-10-13",
  "title": "HCL Technologies BigFix Insights for Vulnerability Remediation (IVR)\u5f31\u52a0\u5bc6\u6f0f\u6d1e"
}

FKIE_CVE-2022-44757

Vulnerability from fkie_nvd - Published: 2023-10-11 07:15 - Updated: 2024-11-21 07:28

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
8.2 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Summary

References

	URL	Tags
	psirt@hcl.com	https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0108005	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0108005	Vendor Advisory

Impacted products

	Vendor	Product	Version
	hcltech	bigfix_insights_for_vulnerability_remediation	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:hcltech:bigfix_insights_for_vulnerability_remediation:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F53F59E-AF8B-4EEA-AB79-E6B1DD6EEFBF",
              "versionEndExcluding": "2.0.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "BigFix Insights for Vulnerability Remediation (IVR) uses weak cryptography that can lead to credential exposure.  An attacker could gain access to sensitive information, modify data in unexpected ways, etc.\n"
    },
    {
      "lang": "es",
      "value": "BigFix Insights for Vulnerability Remediation (IVR) utiliza criptograf\u00eda d\u00e9bil que puede provocar la exposici\u00f3n de las credenciales. Un atacante podr\u00eda obtener acceso a informaci\u00f3n confidencial, modificar datos de formas inesperadas, etc."
    }
  ],
  "id": "CVE-2022-44757",
  "lastModified": "2024-11-21T07:28:26.430",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.5,
        "source": "psirt@hcl.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 8.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 4.2,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-10-11T07:15:09.237",
  "references": [
    {
      "source": "psirt@hcl.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0108005"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0108005"
    }
  ],
  "sourceIdentifier": "psirt@hcl.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-522"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2022-44757

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2022-44757

Aliases

CVE-2022-44757

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2022-44757",
    "id": "GSD-2022-44757"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2022-44757"
      ],
      "details": "BigFix Insights for Vulnerability Remediation (IVR) uses weak cryptography that can lead to credential exposure.  An attacker could gain access to sensitive information, modify data in unexpected ways, etc.\n",
      "id": "GSD-2022-44757",
      "modified": "2023-12-13T01:19:25.331523Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@hcl.com",
        "ID": "CVE-2022-44757",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "BigFix Insights for Vulnerability Remediation",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "\u003c=2.0.2"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "HCL Software"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "BigFix Insights for Vulnerability Remediation (IVR) uses weak cryptography that can lead to credential exposure.  An attacker could gain access to sensitive information, modify data in unexpected ways, etc.\n"
          }
        ]
      },
      "generator": {
        "engine": "Vulnogram 0.1.0-dev"
      },
      "impact": {
        "cvss": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0108005",
            "refsource": "MISC",
            "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0108005"
          }
        ]
      },
      "source": {
        "discovery": "UNKNOWN"
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:hcltech:bigfix_insights_for_vulnerability_remediation:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2.0.3",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@hcl.com",
          "ID": "CVE-2022-44757"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "BigFix Insights for Vulnerability Remediation (IVR) uses weak cryptography that can lead to credential exposure.  An attacker could gain access to sensitive information, modify data in unexpected ways, etc.\n"
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-522"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0108005",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0108005"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 4.2
        }
      },
      "lastModifiedDate": "2023-10-23T14:50Z",
      "publishedDate": "2023-10-11T07:15Z"
    }
  }
}

WID-SEC-W-2023-2797

Vulnerability from csaf_certbund - Published: 2023-10-31 23:00 - Updated: 2023-10-31 23:00

Summary

HCL BigFix: Mehrere Schwachstellen ermöglichen Manipulation von Dateien

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

BigFix ist eine Lösung zum Erkennen und Verwalten von physischen und virtuellen Endpunkten.

Angriff

Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in HCL BigFix ausnutzen, um Dateien zu manipulieren.

Betroffene Betriebssysteme

- Sonstiges

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "BigFix ist eine L\u00f6sung zum Erkennen und Verwalten von physischen und virtuellen Endpunkten.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in HCL BigFix ausnutzen, um Dateien zu manipulieren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Sonstiges",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2023-2797 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2797.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2023-2797 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2797"
      },
      {
        "category": "external",
        "summary": "HCL Security Bulletin vom 2023-10-31",
        "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0108005"
      }
    ],
    "source_lang": "en-US",
    "title": "HCL BigFix: Mehrere Schwachstellen erm\u00f6glichen Manipulation von Dateien",
    "tracking": {
      "current_release_date": "2023-10-31T23:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T18:00:54.136+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2023-2797",
      "initial_release_date": "2023-10-31T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2023-10-31T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "HCL BigFix IVR \u003c 2.0.3",
            "product": {
              "name": "HCL BigFix IVR \u003c 2.0.3",
              "product_id": "T030860",
              "product_identification_helper": {
                "cpe": "cpe:/a:hcltech:bigfix:ivr__2.0.3"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "HCL"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2022-44758",
      "notes": [
        {
          "category": "description",
          "text": "In HCL BigFix existieren mehrere Schwachstellen. Die Fehler bestehen in der Komponente Insights for Vulnerability Remediation aufgrund schwacher Kryptographie und bei der Behandlung innerhalb bestimmter Fixlet-Inhalte. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Daten zu manipulieren."
        }
      ],
      "release_date": "2023-10-31T23:00:00.000+00:00",
      "title": "CVE-2022-44758"
    },
    {
      "cve": "CVE-2022-44757",
      "notes": [
        {
          "category": "description",
          "text": "In HCL BigFix existieren mehrere Schwachstellen. Die Fehler bestehen in der Komponente Insights for Vulnerability Remediation aufgrund schwacher Kryptographie und bei der Behandlung innerhalb bestimmter Fixlet-Inhalte. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Daten zu manipulieren."
        }
      ],
      "release_date": "2023-10-31T23:00:00.000+00:00",
      "title": "CVE-2022-44757"
    }
  ]
}

GHSA-C97H-4JJP-RQVH

Vulnerability from github – Published: 2023-10-11 09:34 – Updated: 2024-04-04 08:33

Details

Severity ?

6.5 (Medium)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2022-44757"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-522"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-10-11T07:15:09Z",
    "severity": "HIGH"
  },
  "details": "BigFix Insights for Vulnerability Remediation (IVR) uses weak cryptography that can lead to credential exposure.  An attacker could gain access to sensitive information, modify data in unexpected ways, etc.\n",
  "id": "GHSA-c97h-4jjp-rqvh",
  "modified": "2024-04-04T08:33:15Z",
  "published": "2023-10-11T09:34:02Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-44757"
    },
    {
      "type": "WEB",
      "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0108005"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2022-44757 (GCVE-0-2022-44757)

CNVD-2023-84329

FKIE_CVE-2022-44757

GSD-2022-44757

WID-SEC-W-2023-2797

GHSA-C97H-4JJP-RQVH

Tags

Sightings

Nomenclature