CVE-2020-4095 — MEDIUM (6.0)

Q: How severe is CVE-2020-4095?

CVE-2020-4095 has been rated MEDIUM with a CVSS base score of 6.0/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2020-4095?

Check the references section above for vendor advisories and patch information. Affected products include: Hcltech Bigfix Platform.

Vulnerability Description

"BigFix Platform is storing clear text credentials within the system's memory. An attacker who is able to gain administrative privileges can use a program to create a memory dump and extract the credentials. These credentials can be used to pivot further into the environment. The principle of least privilege should be applied to all BigFix deployments, limiting administrative access."

CVSS Score

6.0

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Hcltech	Bigfix Platform	>= 9.2, <= 9.2.19

Related Weaknesses (CWE)

CWE-522 CWE-312

References

https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0080772Vendor Advisory
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0080772Vendor Advisory

FAQ

What is CVE-2020-4095?

CVE-2020-4095 is a vulnerability with a CVSS score of 6.0 (MEDIUM). "BigFix Platform is storing clear text credentials within the system's memory. An attacker who is able to gain administrative privileges can use a program to create a memory dump and extract the crede...

How severe is CVE-2020-4095?

CVE-2020-4095 has been rated MEDIUM with a CVSS base score of 6.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-4095?

Check the references section above for vendor advisories and patch information. Affected products include: Hcltech Bigfix Platform.