CVE-2024-23583

An attacker could potentially intercept credentials via the task manager and perform unauthorized access to the Client Deploy Tool on Windows systems.

Weakness

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

Affected Software

Name	Vendor	Start Version	End Version
Bigfix_platform	Hcltech	9.5 (including)	9.5.25 (excluding)
Bigfix_platform	Hcltech	10 (including)	10.0.12 (excluding)
Bigfix_platform	Hcltech	11.0.1 (including)	11.0.1 (including)

Potential Mitigations

https://cwe.mitre.org/data/definitions/102.html
https://cwe.mitre.org/data/definitions/474.html
https://cwe.mitre.org/data/definitions/50.html
https://cwe.mitre.org/data/definitions/509.html
https://cwe.mitre.org/data/definitions/551.html
https://cwe.mitre.org/data/definitions/555.html
https://cwe.mitre.org/data/definitions/560.html
https://cwe.mitre.org/data/definitions/561.html
https://cwe.mitre.org/data/definitions/600.html
https://cwe.mitre.org/data/definitions/644.html
https://cwe.mitre.org/data/definitions/645.html
https://cwe.mitre.org/data/definitions/652.html
https://cwe.mitre.org/data/definitions/653.html

References

https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0113140
https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0113140

NVD	https://nvd.nist.gov/vuln/detail/CVE-2024-23583
CWE	https://cwe.mitre.org/data/definitions/522.html

Insufficiently Protected Credentials

Weakness

Affected Software

Potential Mitigations

Related Attack Patterns

References