Description
Improper handling of insufficient permissions or privileges affects HCL BigFix Inventory. An attacker with access through a read-only account may be able to change certain configuration parameters by crafting a specific REST API call.
CVSS breakdown
CVSS 3.1
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
- Confidentiality: None
- Integrity: Low
- Availability: None
Affected products
- HCL Software / BigFix Inventory: v9.x, v10.x, v11.0.0.0, v11.0.1.0