Symantec EPM Fixlet Import Lacks Proper Warnings CVE-2022-42453
CVE-2022-42453 Published on December 19, 2022
HCL BigFix Platform is affected by insufficient warnings
There are insufficient warnings when a Fixlet is imported by a user. The warning message currently assumes the owner of the script is the logged in user, with insufficient warnings when attempting to run the script.
Vulnerability Analysis
CVE-2022-42453 can be exploited with local system access, requires user interaction and user privileges. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality and integrity, and no impact on availability.
Weakness Type
What is an authentification Vulnerability?
When an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct.
CVE-2022-42453 has been classified to as an authentification vulnerability or weakness.
Products Associated with CVE-2022-42453
stack.watch emails you whenever new vulnerabilities are published in Hcltech Bigfix Platform or Symantec Endpoint Protection Manager. Just hit a watch button to start following.
Affected Versions
HCL Software BigFix Platform Version 9.5 - 9.5.20, 10 - 10.0.7 is affected by CVE-2022-42453Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.