CVE-2024-42213

Summary

HCL BigFix Compliance is affected by inclusion of temporary files left in the production environment. An attacker might gain access to these files by indexing or retrieved via predictable URLs or misconfigured permissions, leading to information disclosure.

Affected Software

VendorProductVersion RangeStatus
HCL SoftwareHCL BigFix Compliance2.0.12affected

Weaknesses

  • CWE-531: CWE-531 Inclusion of Sensitive Information in Test Code

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References