CVE-2024-42194 - Vulnerability Details - OpenCVE

An improper handling of insufficient permissions or privileges affects HCL BigFix Inventory. An attacker having access via a read-only account can possibly change certain configuration parameters by crafting a specific REST API call.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

No data.

No data.

No data.

References

Link	Providers
https://https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0118212

History

Sun, 13 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.00031}`	epss `{'score': 0.00033}`

Tue, 17 Dec 2024 21:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Tue, 17 Dec 2024 17:45:00 +0000

Type	Values Removed	Values Added
Description		An improper handling of insufficient permissions or privileges affects HCL BigFix Inventory. An attacker having access via a read-only account can possibly change certain configuration parameters by crafting a specific REST API call.
Title		HCL BigFix Inventory is affected by an access control vulnerability
Weaknesses		CWE-280
References		https://https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0118212
Metrics		cvssV3_1 `{'score': 3.1, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N'}`

MITRE

Status: PUBLISHED

Assigner: HCL

Published: 2024-12-17T17:28:24.872Z

Updated: 2024-12-17T20:37:59.293Z

Reserved: 2024-07-29T21:32:08.371Z

Link: CVE-2024-42194

Vulnrichment

Updated: 2024-12-17T20:35:22.171Z

NVD

Status : Received

Published: 2024-12-17T18:15:23.590

Modified: 2024-12-17T18:15:23.590

Link: CVE-2024-42194

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-42194", "assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc", "state": "PUBLISHED", "assignerShortName": "HCL", "dateReserved": "2024-07-29T21:32:08.371Z", "datePublished": "2024-12-17T17:28:24.872Z", "dateUpdated": "2024-12-17T20:37:59.293Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "BigFix Inventory", "vendor": "HCL Software", "versions": [{"status": "affected", "version": "v9.x, v10.x, v11.0.0.0, v11.0.1.0"}]}], "datePublic": "2024-12-17T17:20:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "An improper handling of insufficient permissions or privileges affects HCL BigFix Inventory. An attacker having access via a read-only account can possibly change certain configuration parameters by crafting a specific REST API call."}], "value": "An improper handling of insufficient permissions or privileges affects HCL BigFix Inventory. An attacker having access via a read-only account can possibly change certain configuration parameters by crafting a specific REST API call."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-280", "description": "CWE-280 Improper Handling of Insufficient Permissions or Privileges", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc", "shortName": "HCL", "dateUpdated": "2024-12-17T17:28:24.872Z"}, "references": [{"url": "https://https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0118212"}], "source": {"discovery": "UNKNOWN"}, "title": "HCL BigFix Inventory is affected by an access control vulnerability", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-12-17T20:35:20.681983Z", "id": "CVE-2024-42194", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-12-17T20:37:59.293Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-42194", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-12-17T20:35:20.681983Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-12-17T20:35:22.171Z"}}], "cna": {"title": "HCL BigFix Inventory is affected by an access control vulnerability", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.1, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "HCL Software", "product": "BigFix Inventory", "versions": [{"status": "affected", "version": "v9.x, v10.x, v11.0.0.0, v11.0.1.0"}], "defaultStatus": "unaffected"}], "datePublic": "2024-12-17T17:20:00.000Z", "references": [{"url": "https://https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0118212"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "An improper handling of insufficient permissions or privileges affects HCL BigFix Inventory. An attacker having access via a read-only account can possibly change certain configuration parameters by crafting a specific REST API call.", "supportingMedia": [{"type": "text/html", "value": "An improper handling of insufficient permissions or privileges affects HCL BigFix Inventory. An attacker having access via a read-only account can possibly change certain configuration parameters by crafting a specific REST API call.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-280", "description": "CWE-280 Improper Handling of Insufficient Permissions or Privileges"}]}], "providerMetadata": {"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc", "shortName": "HCL", "dateUpdated": "2024-12-17T17:28:24.872Z"}}}, "cveMetadata": {"cveId": "CVE-2024-42194", "state": "PUBLISHED", "dateUpdated": "2024-12-17T20:37:59.293Z", "dateReserved": "2024-07-29T21:32:08.371Z", "assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc", "datePublished": "2024-12-17T17:28:24.872Z", "assignerShortName": "HCL"}, "dataVersion": "5.1"}