Description
BigFix Patch Download Plug-ins are affected by insecure support for file URI scheme. It could allow a malicious operator to attempt to download files using the file:// URI scheme.
CVSS breakdown
CVSS 3.1
Attack Vector
Local
Attack Complexity
High
Privileges Required
Low
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
None
Availability
None
Affected products
- HCL Software / BigFix Patch Management Download Plug-ins1177 and below – 1177 and below