I’m trying to find a security patch for a bunch of client 2008R2 servers. Tenable pointed me to version 9.5.20 support.bigfix.com/bes/release/9.5/patch20/
I cannot find a client to download, only the server. Am I missing something?
It’s the first entry under ‘Agent’
But the newest agent for Win2008 (which, by the way, is a way out-of-support OS) is at https://support.bigfix.com/bes/release/9.5/patch25/
1 Like
Trying to resolve findings on some 20 odd otherwise isolated servers. Not ideal, but if we can these cleared until the assets are decommissioned, it would be a win.
The version of HCL BigFix Client installed on the remote host is affected by multiple vulnerabilities, including the following:
- An improper authentication vulnerability exists in the curl subcomponent which might allow reuse OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. This affects SASL-enabled protocols: SMPTP(S), IMAP(S), POP3(S) and LDAP(S) (openldap only). (CVE-2022-22576)
- An information disclosure vulnerability exists in the curl subcomponent. Using an IPv6 address that was in the connection pool but with a different zone id it could reuse a connection instead. (CVE-2022-27775)
- A insufficiently protected credentials vulnerability in fixed the curl subcomponent might leak authentication or cookie header data on HTTP redirects to the same host but another port number.
(CVE-2022-27776)
The error with the Vista version earlier:
You need to place your environment’s masthead file (.afxm) next to the .exe - you can’t install the agent without an masthead file that would tell it where to report to and how.
1 Like