BigFix version 10.0.8 is using a version of cURL that is reported to be vulnerable. The vulnerable version of cURL is 7.86, This BigFix link lists the version used https://support.bigfix.com/bes/release/10.0/patch8/
Is there a ptav=ch or a fix that can be applied to use version 7.87 or later? This vulnerability shows up in a compliance audit using Nessus.
the next BigFix Platform 10.0.9, coming up shortly, will include, among other things, upgrade to latest cURL version.
Alessandro Dinia, BigFix Product Manager
Platform version 10.0.9 is available. Thank you