CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 0CVE-2022-44757 – HCL BigFix Insights for Vulnerability Remediation (IVR) is vulnerable to weak cryptography
https://notcve.org/view.php?id=CVE-2022-44757
BigFix Insights for Vulnerability Remediation (IVR) uses weak cryptography that can lead to credential exposure. An attacker could gain access to sensitive information, modify data in unexpected ways, etc. BigFix Insights for Vulnerability Remediation (IVR) utiliza criptografía débil que puede provocar la exposición de las credenciales. Un atacante podría obtener acceso a información confidencial, modificar datos de formas inesperadas, etc. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0108005 • CWE-522: Insufficiently Protected Credentials •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-44758 – HCL BigFix Insights for Vulnerability Remediation (IVR) is vulnerable to improper credential handling
https://notcve.org/view.php?id=CVE-2022-44758
BigFix Insights/IVR fixlet uses improper credential handling within certain fixlet content. An attacker can gain access to information that is not explicitly authorized. El fixlet de BigFix Insights/IVR utiliza un manejo de credenciales inadecuado dentro de determinado contenido del fixlet. Un atacante puede obtener acceso a información que no está explícitamente autorizada. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0108005 • CWE-522: Insufficiently Protected Credentials •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-23344 – HCL BigFix WebUI Insights is susceptible to a lack of sufficient authorization
https://notcve.org/view.php?id=CVE-2023-23344
A permission issue in BigFix WebUI Insights site version 14 allows an authenticated, unprivileged operator to access an administrator page. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0105705 • CWE-276: Incorrect Default Permissions •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-27757
https://notcve.org/view.php?id=CVE-2021-27757
" Insecure password storage issue.The application stores sensitive information in cleartext within a resource that might be accessible to another control sphere.Since the information is stored in cleartext, attackers could potentially read it and gain access to sensitive information." Un problema de almacenamiento de contraseñas no seguro. La aplicación almacena información confidencial en texto sin cifrar dentro de un recurso que podría ser accesible a otra esfera de control. Dado que la información es almacenada en texto sin cifrar, los atacantes podrían potencialmente leerla y conseguir acceso a información confidencial • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0095303 • CWE-312: Cleartext Storage of Sensitive Information •