VYPR

BigFix Patch Download Plug-ins

by HCL Software

CVEs (5)

  • CVE-2024-42187MedJan 23, 2025
    risk 0.34cvss 5.3epss 0.00

    BigFix Patch Download Plug-ins are affected by path traversal vulnerability. The application could allow operators to download files from a local repository which is vulnerable to path traversal attacks.

  • CVE-2024-42186LowJan 23, 2025
    risk 0.18cvss 2.8epss 0.00

    BigFix Patch Download Plug-ins are affected by an insecure protocol support. The application can allow improper handling of SSL certificates validation.

  • CVE-2024-42184LowJan 23, 2025
    risk 0.16cvss 2.5epss 0.00

    BigFix Patch Download Plug-ins are affected by insecure support for file URI scheme. It could allow a malicious operator to attempt to download files using the file:// URI scheme.

  • CVE-2024-42183LowJan 23, 2025
    risk 0.16cvss 2.5epss 0.00

    BigFix Patch Download Plug-ins are affected by an arbitrary file download vulnerability. It could allow a malicious operator to download files from arbitrary URLs without any proper validation or allowlist controls.

  • CVE-2024-42182LowJan 23, 2025
    risk 0.16cvss 2.5epss 0.00

    BigFix Patch Download Plug-ins are affected by Server-Side Request Forgery (SSRF) vulnerability. It may allow the application to download files from an internally hosted server on localhost.