Description
There are insufficient warnings when a Fixlet is imported by a user. The warning message currently assumes the owner of the script is the logged in user, with insufficient warnings when attempting to run the script.
CVSS breakdown
CVSS 3.1
Attack Vector
Local
Attack Complexity
High
Privileges Required
High
User Interaction
Required
Scope
Changed
Confidentiality
High
Integrity
High
Availability
None
Affected products
- HCL Software / BigFix Platform9.5 - 9.5.20, 10 - 10.0.7 – 9.5 - 9.5.20, 10 - 10.0.7