CVE-2022-38658

BigFix deployments that have installed the Notification Service on Windows are susceptible to disclosing SMTP BigFix operator's sensitive data in clear text. Operators who use Notification Service related content from BES Support are at risk of leaving their SMTP sensitive data exposed.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0102117	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:hcltech:bigfix_server_automation:*:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

History

07 Nov 2023, 03:50

Type	Values Removed	Values Added
Summary	BigFix deployments that have installed the Notification Service on Windows are susceptible to disclosing SMTP BigFix operator's sensitive data in clear text. Operators who use Notification Service related content from BES Support are at risk of leaving their SMTP sensitive data exposed.	BigFix deployments that have installed the Notification Service on Windows are susceptible to disclosing SMTP BigFix operator's sensitive data in clear text. Operators who use Notification Service related content from BES Support are at risk of leaving their SMTP sensitive data exposed.

08 Aug 2023, 14:22

Type	Values Removed	Values Added
CWE	~~NVD-CWE-noinfo~~	CWE-311

Information

Published : 2022-12-24 00:15

Updated : 2024-02-28 19:51

NVD link : CVE-2022-38658

Mitre link : CVE-2022-38658

CVE.ORG link : CVE-2022-38658

JSON object : View

Products Affected

hcltech

bigfix_server_automation

microsoft

windows

CWE

CWE-311

Missing Encryption of Sensitive Data

{"id": "CVE-2022-38658", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "psirt@hcl.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.7, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.8, "exploitabilityScore": 1.3}]}, "published": "2022-12-24T00:15:08.707", "references": [{"url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0102117", "tags": ["Vendor Advisory"], "source": "psirt@hcl.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-311"}]}], "descriptions": [{"lang": "en", "value": "BigFix deployments that have installed the Notification Service on Windows are susceptible to disclosing SMTP BigFix operator's sensitive data in clear text. Operators who use Notification Service related content from BES Support are at risk of leaving their SMTP sensitive data exposed.\n"}, {"lang": "es", "value": "Los despliegues de BigFix que han instalado el servicio de notificaci\u00f3n en Windows son susceptibles de revelar datos confidenciales del operador SMTP de BigFix en texto plano. Los operadores que utilizan contenido relacionado con el Servicio de notificaciones de BES Support corren el riesgo de dejar expuestos sus datos confidenciales SMTP."}], "lastModified": "2023-11-07T03:50:10.987", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:hcltech:bigfix_server_automation:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A77EF9CE-3CD4-49F8-992C-206363E93794", "versionEndIncluding": "3.2.1"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@hcl.com"}