MEDIUM🇵🇱 Wersja polska

CVE-2024-30141

CVSS 4.7v3.1pub. 2024-11-07upd. 2025-06-17

HCL BigFix Compliance is vulnerable to the generation of error messages containing sensitive information. Detailed error messages can provide enticement information or expose information about its environment, users, or associated data.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:L
  • Hcltech Bigfix Compliance

    APP
    Hcltech
    2.0.11
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2021-27756HIGH7.5ten sam produkt

"TLS-RSA cipher suites are not disabled in BigFix Compliance up to v2.0.5. If TLS 2.0 and secure ciphers are n...

CVE-2023-37525MEDIUM5.3ten sam produkt

A sensitive information disclosure in HCL BigFix Compliance allows a remote attacker to access files under the...

CVE-2024-42213MEDIUM5.3ten sam produkt

HCL BigFix Compliance is affected by inclusion of temporary files left in the production environment. An atta...

CVE-2024-42212MEDIUM5.4ten sam produkt

HCL BigFix Compliance is affected by an improper or missing SameSite attribute. This can lead to Cross-Site R...

CVE-2024-30140MEDIUM5.4ten sam produkt

HCL BigFix Compliance is affected by unvalidated redirects and forwards. The HOST header can be manipulated b...