CVE Vulnerabilities

CVE-2022-27544

Insufficiently Protected Credentials

Published: Jul 19, 2022 | Modified: Jul 27, 2022
CVSS 3.x
6.5
MEDIUM
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu

BigFix Web Reports authorized users may see SMTP credentials in clear text.

Weakness

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

Affected Software

Name Vendor Start Version End Version
Bigfix_platform Hcltech 9.5 (including) 9.5.19 (including)
Bigfix_platform Hcltech 10.0 (including) 10.0.6 (including)

Potential Mitigations

References