CVE-2022-38659
HCL BigFix Platform is affected by insecure credential storage
Severity Score
7.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
In specific scenarios, on Windows the operator credentials may be encrypted in a manner that is not completely machine-dependent.
En escenarios especĂficos, en Windows las credenciales del operador pueden cifrarse de una manera que no dependa completamente de la máquina.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2022-08-22 CVE Reserved
- 2022-12-17 CVE Published
- 2024-08-03 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-326: Inadequate Encryption Strength
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0102049 | 2023-11-07 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Hcltech Search vendor "Hcltech" | Bigfix Platform Search vendor "Hcltech" for product "Bigfix Platform" | >= 9.5 <= 9.5.20 Search vendor "Hcltech" for product "Bigfix Platform" and version " >= 9.5 <= 9.5.20" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|
| Hcltech Search vendor "Hcltech" | Bigfix Platform Search vendor "Hcltech" for product "Bigfix Platform" | >= 10 <= 10.0.7 Search vendor "Hcltech" for product "Bigfix Platform" and version " >= 10 <= 10.0.7" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|