CVE-2024-42194

Low

An improper handling of insufficient permissions or privileges affects HCL BigFix Inventory. An attacker having access via a read-only…

HCL·CWE-280·Published 2024-12-17

CVSS

3.1

EPSS

0.00

KEV

Exploits

cve.orgen

234 chars

An improper handling of insufficient permissions or privileges affects HCL BigFix Inventory. An attacker having access via a read-only account can possibly change certain configuration parameters by crafting a specific REST API call.

NVDen

234 chars

NVDes

262 chars

Una gestión inadecuada de permisos o privilegios insuficientes afecta a HCL BigFix Inventory. Un atacante que tenga acceso a través de una cuenta de solo lectura podría cambiar ciertos parámetros de configuración manipulando una llamada a la API REST específica.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	cve.org	3.1	—	—	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
3.1	Secondary	NVD	3.1	1.6	1.4	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N