CVE-2024-42184— HCL BigFix Patch Download Plug-ins are affected by insecure support for file URI scheme
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2024-42184
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
HCL BigFix Patch Download Plug-ins are affected by insecure support for file URI scheme
Source: NVD (National Vulnerability Database)
Vulnerability Description
BigFix Patch Download Plug-ins are affected by insecure support for file URI scheme. It could allow a malicious operator to attempt to download files using the file:// URI scheme.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:N/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
Web页面编码URIScheme转义处理不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
HCL BigFix Patch Management 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
HCL BigFix Patch Management是美国HCL公司的一个全面的补丁管理解决方案,用于帮助组织有效地管理和部署操作系统和应用程序的安全和非安全补丁。 HCL BigFix Patch Management存在安全漏洞,该漏洞源于包含一个对文件 URI 方案的不安全支持。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| HCL Software | BigFix Patch Management Download Plug-ins | 1177 and below | - |
II. Public POCs for CVE-2024-42184
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2024-42184
请登录查看更多情报信息。
Same Patch Batch · HCL Software · 2025-01-23 · 6 CVEs total
| CVE-2024-42187 | 5.3 MEDIUM | HCL BigFix Patch Download Plug-ins are affected by path traversal vulnerability |
| CVE-2024-42186 | 2.8 LOW | HCL BigFix Patch Download Plug-ins are affected by an insecure protocol support |
| CVE-2024-42185 | 2.5 LOW | HCL BigFix Patch Download Plug-ins are affected by an insecure package which is susceptibl |
| CVE-2024-42183 | 2.5 LOW | HCL BigFix Patch Download Plug-ins are affected by an arbitrary file download vulnerabilit |
| CVE-2024-42182 | 2.5 LOW | HCL BigFix Patch Download Plug-ins are affected by Server-Side Request Forgery (SSRF) vuln |
IV. Related Vulnerabilities
Same product: BigFix Patch Management Download Plug-ins
- CVE-2024-42187
HCL BigFix Patch Download Plug-ins are affected by path trav - CVE-2024-42186
HCL BigFix Patch Download Plug-ins are affected by an insecu - CVE-2024-42185
HCL BigFix Patch Download Plug-ins are affected by an insecu - CVE-2024-42183
HCL BigFix Patch Download Plug-ins are affected by an arbitr - CVE-2024-42182
HCL BigFix Patch Download Plug-ins are affected by Server-Si
Same vendor: HCL Software
- CVE-2025-31974
HCL BigFix Service Management (SM) is susceptible to a Root - CVE-2025-31976
HCL BigFix Service Management (SM) is vulnerable to insuffic - CVE-2025-31978
HCL BigFix Service Management (SM) does not adequately sanit - CVE-2025-31959
HCL BigFix Service Management (SM) application fails to stri - CVE-2025-31982
HCL BigFix Service Management (SM) had directories that were
Same weakness: CWE-84
- CVE-2025-58444
MCP Inspector is Vulnerable to Potential Command Execution v - CVE-2024-52890
IBM Engineering Lifecycle Optimization - Publishing cross-si - CVE-2025-30203
Tuleap allows XSS via the content of RSS feeds in the RSS wi - CVE-2024-45045
JavaScript Injection via url encoded values in links in Coll - CVE-2023-30959
Stored XSS via javascript URI in Apollo Change Requests comm
V. Comments for CVE-2024-42184
No comments yet