CVE-2024-42183

{"id": "CVE-2024-42183", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@hcl.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 2.5, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 0.8}]}, "published": "2025-01-23T02:15:35.933", "references": [{"url": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0118565", "source": "psirt@hcl.com"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Secondary", "source": "psirt@hcl.com", "description": [{"lang": "en", "value": "CWE-494"}]}], "descriptions": [{"lang": "en", "value": "BigFix Patch Download Plug-ins are affected by an arbitrary file download vulnerability. It could allow a malicious operator to download files from arbitrary URLs without any proper validation or allowlist controls."}, {"lang": "es", "value": "Los complementos de BigFix Patch Download se ven afectados por una vulnerabilidad de descarga de archivos arbitrarios. Podr\u00eda permitir que un operador malintencionado descargue archivos desde URL arbitrarias sin ning\u00fan tipo de validaci\u00f3n o control de lista de permitidos."}], "lastModified": "2026-04-15T00:35:42.020", "sourceIdentifier": "psirt@hcl.com"}