Vulnerability Database

313,552

Total vulnerabilities in the database

CVE-2020-4095

"BigFix Platform is storing clear text credentials within the system's memory. An attacker who is able to gain administrative privileges can use a program to create a memory dump and extract the credentials. These credentials can be used to pivot further into the environment. The principle of least privilege should be applied to all BigFix deployments, limiting administrative access."

Published: Jul 16, 2020
Updated: Nov 16, 2025
CVE: CVE-2020-4095
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6
AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

CVSS v2:

Severity: Low
Score: 2.1
AV:L/AC:L/Au:N/C:P/I:N/A:N

CWEs:

OWASP TOP 10:

Affected Software
References

Software	From	Fixed in
hcltech / bigfix_platform	9.5	9.5.15.x
hcltech / bigfix_platform	9.2	9.2.19.x

https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0080772

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo