MEDIUM🇵🇱 Wersja polska

CVE-2023-37525

CVSS 5.3v3.1pub. 2026-01-28upd. 2026-02-12

A sensitive information disclosure in HCL BigFix Compliance allows a remote attacker to access files under the WEB-INF directory, which may contain Java class files and configuration information, leading to unauthorized access to application internals.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
  • Hcltech Bigfix Compliance

    APP
    Hcltech
    2.0.9
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2021-27756HIGH7.5ten sam produkt

"TLS-RSA cipher suites are not disabled in BigFix Compliance up to v2.0.5. If TLS 2.0 and secure ciphers are n...

CVE-2024-42213MEDIUM5.3ten sam produkt

HCL BigFix Compliance is affected by inclusion of temporary files left in the production environment. An atta...

CVE-2024-42212MEDIUM5.4ten sam produkt

HCL BigFix Compliance is affected by an improper or missing SameSite attribute. This can lead to Cross-Site R...

CVE-2024-30140MEDIUM5.4ten sam produkt

HCL BigFix Compliance is affected by unvalidated redirects and forwards. The HOST header can be manipulated b...

CVE-2024-30141MEDIUM4.7ten sam produkt

HCL BigFix Compliance is vulnerable to the generation of error messages containing sensitive information. Det...