CVE-2020-4095

"BigFix Platform is storing clear text credentials within the system's memory. An attacker who is able to gain administrative privileges can use a program to create a memory dump and extract the credentials. These credentials can be used to pivot further into the environment. The principle of least privilege should be applied to all BigFix deployments, limiting administrative access."

Published: Jul 16, 2020
Updated: Apr 14, 2023
CVE: CVE-2020-4095
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6
AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

CVSS v2:

Severity: Low
Score: 2.1
AV:L/AC:L/Au:N/C:P/I:N/A:N

CWEs:

CWE-522
CWE-312

OWASP TOP 10:

A2 - Broken Authentication
A3 - Sensitive Data Exposure

Affected Software
References

Software	From	Fixed in
hcltech / bigfix_platform	9.5	9.5.15.x
hcltech / bigfix_platform	9.2	9.2.19.x

https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0080772

Vulnerability Database

289,697

CVE-2020-4095