CVE-2023-37525

Summary

A sensitive information disclosure in HCL BigFix Compliance allows a remote attacker to access files under the WEB-INF directory, which may contain Java class files and configuration information, leading to unauthorized access to application internals.

Affected Software

VendorProductVersion RangeStatus
HCLSoftwareBigFix Compliance2.0.9affected

Weaknesses

  • CWE-497: CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References