CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-42187 – HCL BigFix Patch Download Plug-ins are affected by path traversal vulnerability
https://notcve.org/view.php?id=CVE-2024-42187
23 Jan 2025 — BigFix Patch Download Plug-ins are affected by path traversal vulnerability. The application could allow operators to download files from a local repository which is vulnerable to path traversal attacks. • https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0118565 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 2.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-42186 – HCL BigFix Patch Download Plug-ins are affected by an insecure protocol support
https://notcve.org/view.php?id=CVE-2024-42186
23 Jan 2025 — BigFix Patch Download Plug-ins are affected by an insecure protocol support. The application can allow improper handling of SSL certificates validation. • https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0118565 • CWE-295: Improper Certificate Validation •
CVSS: 2.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-42185 – HCL BigFix Patch Download Plug-ins are affected by an insecure package which is susceptible to XML injection attacks
https://notcve.org/view.php?id=CVE-2024-42185
23 Jan 2025 — BigFix Patch Download Plug-ins are affected by an insecure package which is susceptible to XML injection attacks. This allows an attacker to exploit this vulnerability by injecting malicious XML content, which can lead to various issues including denial of service and unauthorized access. • https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0118565 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 2.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-42184 – HCL BigFix Patch Download Plug-ins are affected by insecure support for file URI scheme
https://notcve.org/view.php?id=CVE-2024-42184
23 Jan 2025 — BigFix Patch Download Plug-ins are affected by insecure support for file URI scheme. It could allow a malicious operator to attempt to download files using the file:// URI scheme. • https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0118565 • CWE-84: Improper Neutralization of Encoded URI Schemes in a Web Page •
CVSS: 2.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-42183 – HCL BigFix Patch Download Plug-ins are affected by an arbitrary file download vulnerability
https://notcve.org/view.php?id=CVE-2024-42183
23 Jan 2025 — BigFix Patch Download Plug-ins are affected by an arbitrary file download vulnerability. It could allow a malicious operator to download files from arbitrary URLs without any proper validation or allowlist controls. • https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0118565 • CWE-494: Download of Code Without Integrity Check •
CVSS: 2.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-42182 – HCL BigFix Patch Download Plug-ins are affected by Server-Side Request Forgery (SSRF) vulnerability
https://notcve.org/view.php?id=CVE-2024-42182
23 Jan 2025 — BigFix Patch Download Plug-ins are affected by Server-Side Request Forgery (SSRF) vulnerability. It may allow the application to download files from an internally hosted server on localhost. • https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0118565 • CWE-918: Server-Side Request Forgery (SSRF) •