Clear Text Disclosure of SMTP Sensitive Data in BigFix Notification Service

Clear Text Disclosure of SMTP Sensitive Data in BigFix Notification Service

CVE-2022-38658 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

BigFix deployments that have installed the Notification Service on Windows are susceptible to disclosing SMTP BigFix operator's sensitive data in clear text. Operators who use Notification Service related content from BES Support are at risk of leaving their SMTP sensitive data exposed.

Learn more about our Web Application Penetration Testing UK.