Patch fixes faulty access control in HCL BigFix Service Management

Attackers can gain unauthorized access to HCL BigFix Service Management instances. They can manipulate systems.

The AI-powered endpoint management platform HCL BigFix Service Management is vulnerable. Due to faulty access control, attackers can access instances. A security patch is available for download. So far, there are no reports of attacks.

In a security advisory, the developers write that attackers can gain higher user privileges and bypass access restrictions in an unspecified way (CVE-2024-30151, rated "high"). Attackers can then view sensitive data and manipulate systems.

The developers state that HCL BigFix Service Management Version 23 is affected. In Version 27, the security problem has been resolved.

At the beginning of April, the developers had to fix two security vulnerabilities in HCL BigFix. These affected the storage of cryptographic keys and authentication.

(des)

This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.