← back
CVE-2024-30141

HCL BigFix Compliance is vulnerable to the generation of error messages containing sensitive information

CVSS 4.7 MEDIUMEPSS 0.3%CWE-209
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 4.7EPSS 0.3%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
07 Nov 2024Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
HCL BigFix Compliance is vulnerable to the generation of error messages containing sensitive information. Detailed error messages can provide enticement information or expose information about its environment, users, or associated data.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:L
Affected products
HCL Software · BigFix Compliance

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0117197