support.hcltechsw.com
149.96.234.45
Public Scan
Submitted URL: http://www.nessus.org/u?1447ec9c
Effective URL: https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0098998
Submission: On March 07 via api from IN — Scanned from DE
Form analysis
1 forms found in the DOM
<form ng-if="!c.data.aisEnabled" ng-submit="c.submitSearch()" role="search" class="ng-pristine ng-valid ng-scope" style="">
<input type="hidden" name="id" value="search" autocomplete="off">
<input type="hidden" name="t" value="" autocomplete="off">
<div class="input-group input-group- input-group-typeahead" role="presentation"> <!-- uses ui.bootstrap.typeahead -->
<!-- ngIf: c.isTypeAheadEnabled && c.showSuggestions -->
<!-- ngIf: c.isTypeAheadEnabled && !c.showSuggestions --><input ng-if="c.isTypeAheadEnabled && !c.showSuggestions" name="q" placeholder="Search All Sources" ng-model="c.searchTerm" autocomplete="off"
uib-typeahead="item as item.primary for item in c.getResults($viewValue)" typeahead-wait-ms="c.data.typeaheadWaitMS" typeahead-min-length="c.data.typeaheadMinLength" typeahead-focus-first="false"
typeahead-on-select="c.onSelect($item, $model, $label)" typeahead-template-url="sp-typeahead.html" typeahead-popup-template-url="sp-typeahead-popup.html" class="form-control input-typeahead ng-pristine ng-untouched ng-valid ng-scope ng-empty"
role="combobox" aria-autocomplete="list" title="Search All Sources" data-toggle="tooltip" data-placement="bottom" aria-label="Search All Sources" tabindex="0" aria-haspopup="true" aria-owns="typeahead-292-8101" aria-expanded="false">
<ul class="typeahead-popup dropdown-menu ng-isolate-scope ng-hide" aria-label="Search All Sources suggestions" ng-show="isOpen() && !moveInProgress" ng-style="{top: position().top+'px', left: position().left+'px'}" role="listbox"
aria-hidden="true" uib-typeahead-popup="" id="typeahead-292-8101" matches="matches" active="activeIdx" select="select(activeIdx, evt)" move-in-progress="moveInProgress" query="query" position="position" assign-is-open="assignIsOpen(isOpen)"
debounce="debounceUpdate" template-url="sp-typeahead.html" popup-template-url="sp-typeahead-popup.html">
<li role="option" aria-hidden="true" style="display: none"></li>
<!-- ngRepeat: match in matches track by $index -->
</ul><!-- end ngIf: c.isTypeAheadEnabled && !c.showSuggestions -->
<!-- ngIf: !c.isTypeAheadEnabled --> <span class="input-group-btn"> <button name="search" type="submit" class="btn btn-default" title="Search" aria-label="Search" data-toggle="tooltip" data-placement="bottom">
<!-- ngIf: ::c.options.glyph --><i ng-if="::c.options.glyph" class="fa fa-search"></i><!-- end ngIf: ::c.options.glyph --> </button> </span>
</div>
</form>
Text Content
SECURITY BULLETIN: HCL BIGFIX PLATFORM IS AFFECTED BY MULTIPLE VULNERABILITIES AROUND CURL, SMTP AND HTML INJECTION

KB0098998 - Security Bulletin
Published 2 years ago

SUMMARY

HCL BigFix Platform has addressed security vulnerabilities around curl (CVE-2022-22576, CVE-2022-27775, CVE-2022-27776), SMTP credentials in Web Reports (CVE-2022-27544), and HTML injection in Web Reports (CVE-2022-27545).

VULNERABILITY DETAILS

CVE ID: CVE-2022-22576
DESCRIPTION: An improper authentication vulnerability exists in curl 7.33.0 up to and including 7.82.0 which might allow reuse of OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. This affects SASL-enabled protocols: SMTP(S), IMAP(S), POP3(S) and LDAP(S) (openldap only).
CVSS Base Score: 8.1
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

CVE ID: CVE-2022-27775
DESCRIPTION: An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0: when using an IPv6 address that was in the connection pool but with a different zone id, curl could reuse a connection instead.
CVSS Base Score: 7.5
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVE ID: CVE-2022-27776
DESCRIPTION: An insufficiently protected credentials vulnerability, fixed in curl 7.83.0, might leak authentication or cookie header data on HTTP redirects to the same host but another port number.
CVSS Base Score: 6.5
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CVE ID: CVE-2022-27544
DESCRIPTION: BigFix Web Reports authorized users may see SMTP credentials in clear text.
CVSS Base Score: 5.0
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

CVE ID: CVE-2022-27545
DESCRIPTION: BigFix Web Reports authorized users may perform HTML injection for the email administrative configuration page.
CVSS Base Score: 4.6
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

AFFECTED PRODUCTS AND VERSIONS

Affected product | Affected versions | CVE IDs
BigFix Platform | 10 - 10.0.6 | curl (CVE-2022-22576, CVE-2022-27775, CVE-2022-27776), SMTP credentials in Web Reports (CVE-2022-27544), HTML injection (CVE-2022-27545)
BigFix Platform | 9.5 - 9.5.19 | curl (CVE-2022-22576, CVE-2022-27775, CVE-2022-27776), SMTP credentials in Web Reports (CVE-2022-27544), HTML injection (CVE-2022-27545)

CVE-to-Component Breakdown

CVE | Affected components
CVE-2022-22576 | BigFix Web Reports
CVE-2022-27775 | All Components but the BigFix Agent
CVE-2022-27776 | All Components but the BigFix Agent
CVE-2022-27544 | BigFix Web Reports
CVE-2022-27545 | BigFix Web Reports

REMEDIATION/FIXES

Product | VRMF | Remediation/First fix
BigFix Platform | 10.0.7 | Upgrade to Patch 10.0.7 by looking for the associated upgrade-patch fixlets in the Console, launching and applying them.
BigFix Platform | 9.5.20 | Upgrade to Patch 9.5.20 by looking for the associated upgrade-patch fixlets in the Console, launching and applying them, or upgrade to version 10.0.7.

WORKAROUNDS AND MITIGATIONS

None

REFERENCES

Complete CVSS v3 Guide
On-line Calculator v3
Complete CVSS v2 Guide
On-line Calculator v2

RELATED INFORMATION

HCL PSIRT blog
HCL Software PSIRT site
HCL Software Support community

*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

Disclaimer

According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." HCL PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

Copyright © 2024 HCL Technologies Limited