CVE-2024-30117

A dynamic search for a prerequisite library could allow the possibility for an attacker to replace the correct file under some circumstances.

CVSS v3 5.3 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0116659	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:hcltech:bigfix_platform::::::::
	cpe:2.3:a:hcltech:bigfix_platform::::::::
	cpe:2.3:a:hcltech:bigfix_platform::::::::

History

17 Oct 2024, 21:01

Type	Values Removed	Values Added
First Time		Hcltech Hcltech bigfix Platform
References	~~() https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0116659 -~~	() https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0116659 - Vendor Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~2.5~~	v2 : unknown v3 : 5.3
CPE		cpe:2.3:a:hcltech:bigfix_platform::::::::

15 Oct 2024, 12:57

Type	Values Removed	Values Added
Summary		(es) Una búsqueda dinámica de una librería de requisitos previos podría permitir que un atacante reemplace el archivo correcto en algunas circunstancias.

14 Oct 2024, 23:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-10-14 23:15

Updated : 2024-10-17 21:01

NVD link : CVE-2024-30117

Mitre link : CVE-2024-30117

CVE.ORG link : CVE-2024-30117

JSON object : View

Products Affected

hcltech

bigfix_platform

CWE

CWE-427

Uncontrolled Search Path Element

{"id": "CVE-2024-30117", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "psirt@hcl.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 2.5, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 0.8}]}, "published": "2024-10-14T23:15:11.407", "references": [{"url": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0116659", "tags": ["Vendor Advisory"], "source": "psirt@hcl.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-427"}]}, {"type": "Secondary", "source": "psirt@hcl.com", "description": [{"lang": "en", "value": "CWE-427"}]}], "descriptions": [{"lang": "en", "value": "A dynamic search for a prerequisite library could allow the possibility for an attacker to replace the correct file under some circumstances."}, {"lang": "es", "value": "Una b\u00fasqueda din\u00e1mica de una librer\u00eda de requisitos previos podr\u00eda permitir que un atacante reemplace el archivo correcto en algunas circunstancias."}], "lastModified": "2024-10-17T21:01:17.807", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:hcltech:bigfix_platform:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "89381821-8CEB-4749-BDF3-96ACAE9030BE", "versionEndExcluding": "9.5.25", "versionStartIncluding": "9.5"}, {"criteria": "cpe:2.3:a:hcltech:bigfix_platform:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "60CBB527-DAB4-4686-8706-0669FE5D04C0", "versionEndExcluding": "10.0.12", "versionStartIncluding": "10.0.0"}, {"criteria": "cpe:2.3:a:hcltech:bigfix_platform:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8F001532-936A-4035-AE05-C68080C0A211", "versionEndExcluding": "11.0.3", "versionStartIncluding": "11.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@hcl.com"}