CVE-2024-42213
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
HCL BigFix Compliance is affected by inclusion of temporary files left in the production environment. An attacker might gain access to these files by indexing or retrieved via predictable URLs or misconfigured permissions, leading to information disclosure.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| HCL Software | HCL BigFix Compliance | 2.0.12 | affected |
Weaknesses
- CWE-531: CWE-531 Inclusion of Sensitive Information in Test Code
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.