CVE Published: 22/12/2022 |
CVE Updated: 03/08/2024 |
CVE Year: 2022 |
Source: HCL |
Vendor: HCL Software |
Product: BigFix Server Automation |
Status: PUBLISHED
CVE-2022-38658 Description
BigFix deployments that have installed the Notification Service on Windows are susceptible to disclosing SMTP BigFix operator's sensitive data in clear text. Operators who use Notification Service related content from BES Support are at risk of leaving their SMTP sensitive data exposed.
Metrics
CVSS Version: 3.1 |
Base Score: 7.7 HIGH |
Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:H
Exploitability Metrics: Attack Vector (AV): NETWORK | Attack Complexity (AC): HIGH | Privileges Required (PR): HIGH | User Interaction (UI): NONE | Scope (S): CHANGED
Impact Metrics: Confidentiality Impact (C): HIGH | Integrity Impact (I): NONE | Availability Impact (A): HIGH
Weakness Enumeration (CWE)
CWE-ID: CWE Name: n/a Source: HCL Software
Common Attack Pattern Enumeration and Classification (CAPEC)