CVE-2024-42185

LOW

BigFix Patch Download Plug-ins - Code Injection

Title source: llm

Description

BigFix Patch Download Plug-ins are affected by an insecure package that is susceptible to XML injection attacks. An attacker can exploit this vulnerability by injecting malicious XML content, which can lead to various issues, including denial of service and unauthorized access.

Scores

CVSS v3: 2.5
EPSS: 0.0006
EPSS Percentile: 18.6%
Attack Vector: LOCAL
CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: partial

Details

CWE: CWE-611
Status: published
Products (1): HCL Software/BigFix Patch Management Download Plug-ins 1177 and below
Published: Jan 23, 2025
Tracked Since: Feb 18, 2026