PT-2024-23211 · Hcl · Hcl Bigfix Compliance

Published

2024-11-07

Updated

2024-11-08

CVE-2024-30141

CVSS v3.1

4.7

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions HCL BigFix Compliance version 2.0.11

Description The issue concerns the generation of error messages that contain sensitive information. Detailed error messages can provide enticing information or expose details about the environment, users, or associated data. The problem is remotely exploitable.

Recommendations For HCL BigFix Compliance version 2.0.11, update the system to a patched version as soon as possible to limit the risk of exploitation. As a temporary workaround, consider restricting access to detailed error messages to minimize the risk of sensitive information exposure.

Fix

Generation of Error Message Containing Sensitive Information

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-209

Related Identifiers

CVE-2024-30141

Affected Products

Hcl Bigfix Compliance

PT-2024-23211 · Hcl · Hcl Bigfix Compliance

CVE-2024-30141

Weakness Enumeration

Related Identifiers

Affected Products

References · 7