Vulnerabilites related to hcltech - bigfix_compliance
CVE-2024-42212 (GCVE-0-2024-42212)
Vulnerability from cvelistv5
Published
2025-05-05 18:40
Modified
2025-05-05 19:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-1275 - Sensitive Cookie with Improper SameSite Attribute
Summary
HCL BigFix Compliance is affected by an improper or missing SameSite attribute. This can lead to Cross-Site Request Forgery (CSRF) attacks, where a malicious site could trick a user's browser into making unintended requests using authenticated sessions.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| HCL Software | HCL BigFix Compliance |
Version: 2.0.12 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42212",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-05T19:00:09.530206Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-05T19:01:02.378Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HCL BigFix Compliance",
"vendor": "HCL Software",
"versions": [
{
"status": "affected",
"version": "2.0.12"
}
]
}
],
"datePublic": "2025-05-05T17:27:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eHCL BigFix Compliance is affected by an improper or missing SameSite attribute. This can lead to Cross-Site Request Forgery (CSRF) attacks, where a malicious site could trick a user\u0027s browser into making unintended requests using authenticated sessions.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "HCL BigFix Compliance is affected by an improper or missing SameSite attribute. This can lead to Cross-Site Request Forgery (CSRF) attacks, where a malicious site could trick a user\u0027s browser into making unintended requests using authenticated sessions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1275",
"description": "CWE-1275 Sensitive Cookie with Improper SameSite Attribute",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-05T18:40:57.390Z",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0120961"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "HCL BigFix Compliance is affected by an improper or missing SameSite attribute",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2024-42212",
"datePublished": "2025-05-05T18:40:57.390Z",
"dateReserved": "2024-07-29T21:32:16.370Z",
"dateUpdated": "2025-05-05T19:01:02.378Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-42213 (GCVE-0-2024-42213)
Vulnerability from cvelistv5
Published
2025-05-05 19:00
Modified
2025-05-05 19:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-531 - Inclusion of Sensitive Information in Test Code
Summary
HCL BigFix Compliance is affected by inclusion of temporary files left in the production environment. An attacker might gain access to these files by indexing or retrieved via predictable URLs or misconfigured permissions, leading to information disclosure.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| HCL Software | HCL BigFix Compliance |
Version: 2.0.12 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42213",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-05T19:05:21.890292Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-05T19:05:39.547Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HCL BigFix Compliance",
"vendor": "HCL Software",
"versions": [
{
"status": "affected",
"version": "2.0.12"
}
]
}
],
"datePublic": "2025-05-05T17:27:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eHCL BigFix Compliance is affected by inclusion of temporary files left in the production environment. An attacker might gain access to these files by indexing or retrieved via predictable URLs or misconfigured permissions, leading to information disclosure.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "HCL BigFix Compliance is affected by inclusion of temporary files left in the production environment. An attacker might gain access to these files by indexing or retrieved via predictable URLs or misconfigured permissions, leading to information disclosure."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-531",
"description": "CWE-531 Inclusion of Sensitive Information in Test Code",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-05T19:00:33.692Z",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0120961"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "HCL BigFix Compliance is affected by inclusion of temporary files left in the production environment",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2024-42213",
"datePublished": "2025-05-05T19:00:33.692Z",
"dateReserved": "2024-07-29T21:32:16.370Z",
"dateUpdated": "2025-05-05T19:05:39.547Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-30141 (GCVE-0-2024-30141)
Vulnerability from cvelistv5
Published
2024-11-07 08:36
Modified
2024-11-07 14:28
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-209 - Generation of Error Message Containing Sensitive Information
Summary
HCL BigFix Compliance is vulnerable to the generation of error messages containing sensitive information. Detailed error messages can provide enticement information or expose information about its environment, users, or associated data.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| HCL Software | BigFix Compliance |
Version: 2.0.11 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-30141",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-07T14:28:21.005823Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-07T14:28:28.086Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "BigFix Compliance",
"vendor": "HCL Software",
"versions": [
{
"status": "affected",
"version": "2.0.11"
}
]
}
],
"datePublic": "2024-11-07T07:50:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eHCL BigFix Compliance is vulnerable to the generation of error messages containing sensitive information. Detailed error messages can provide enticement information or expose information about its environment, users, or associated data.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "HCL BigFix Compliance is vulnerable to the generation of error messages containing sensitive information. Detailed error messages can provide enticement information or expose information about its environment, users, or associated data."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-209",
"description": "CWE-209 Generation of Error Message Containing Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-07T08:36:13.573Z",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0117197"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "HCL BigFix Compliance is vulnerable to the generation of error messages containing sensitive information",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2024-30141",
"datePublished": "2024-11-07T08:36:13.573Z",
"dateReserved": "2024-03-22T23:57:24.981Z",
"dateUpdated": "2024-11-07T14:28:28.086Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-30126 (GCVE-0-2024-30126)
Vulnerability from cvelistv5
Published
2024-07-18 19:17
Modified
2024-10-30 16:24
Severity ?
VLAI Severity ?
EPSS score ?
Summary
HCL BigFix Compliance is affected by a missing X-Frame-Options HTTP header which can allow an attacker to create a malicious website that embeds the target website in a frame or iframe, tricking users into performing actions on the target website without their knowledge.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| HCL Software | BigFix Compliance |
Version: 2.0.x |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-30126",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-18T20:04:54.543941Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-30T16:24:33.273Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:25:02.931Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0113886"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "BigFix Compliance",
"vendor": "HCL Software",
"versions": [
{
"status": "affected",
"version": "2.0.x"
}
]
}
],
"datePublic": "2024-07-18T17:40:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eHCL BigFix Compliance is affected by a missing X-Frame-Options HTTP header which can allow an attacker to create a malicious website that embeds the target website in a frame or iframe, tricking users into performing actions on the target website without their knowledge.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "HCL BigFix Compliance is affected by a missing X-Frame-Options HTTP header which can allow an attacker to create a malicious website that embeds the target website in a frame or iframe, tricking users into performing actions on the target website without their knowledge."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-18T19:17:01.983Z",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0113886"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "HCL BigFix Compliance is affected by a missing X-Frame-Options Header vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2024-30126",
"datePublished": "2024-07-18T19:17:01.983Z",
"dateReserved": "2024-03-22T23:57:23.589Z",
"dateUpdated": "2024-10-30T16:24:33.273Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-27756 (GCVE-0-2021-27756)
Vulnerability from cvelistv5
Published
2022-03-04 21:18
Modified
2024-08-03 21:26
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- "Sensitive Data Exposure"
Summary
"TLS-RSA cipher suites are not disabled in BigFix Compliance up to v2.0.5. If TLS 2.0 and secure ciphers are not enabled then an attacker can passively record traffic and later decrypt it."
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | "BigFix Compliance Server" |
Version: "BigFix Compliance Server 2.0 - 2.0.5" |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:26:10.871Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0096977"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "\"BigFix Compliance Server\"",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "\"BigFix Compliance Server 2.0 - 2.0.5\""
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "\"TLS-RSA cipher suites are not disabled in BigFix Compliance up to v2.0.5. If TLS 2.0 and secure ciphers are not enabled then an attacker can passively record traffic and later decrypt it.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "\"Sensitive Data Exposure\"",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-04T21:18:06",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0096977"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@hcl.com",
"ID": "CVE-2021-27756",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "\"BigFix Compliance Server\"",
"version": {
"version_data": [
{
"version_value": "\"BigFix Compliance Server 2.0 - 2.0.5\""
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "\"TLS-RSA cipher suites are not disabled in BigFix Compliance up to v2.0.5. If TLS 2.0 and secure ciphers are not enabled then an attacker can passively record traffic and later decrypt it.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "\"Sensitive Data Exposure\""
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0096977",
"refsource": "MISC",
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0096977"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2021-27756",
"datePublished": "2022-03-04T21:18:06",
"dateReserved": "2021-02-26T00:00:00",
"dateUpdated": "2024-08-03T21:26:10.871Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-30140 (GCVE-0-2024-30140)
Vulnerability from cvelistv5
Published
2024-11-07 08:17
Modified
2024-11-07 14:28
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
Summary
HCL BigFix Compliance is affected by unvalidated redirects and forwards. The HOST header can be manipulated by an attacker and as a result, it can poison the web cache and provide back to users being served the page.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| HCL Software | BigFix Compliance |
Version: 2.0.11 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-30140",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-07T14:28:39.480382Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-07T14:28:47.434Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "BigFix Compliance",
"vendor": "HCL Software",
"versions": [
{
"status": "affected",
"version": "2.0.11"
}
]
}
],
"datePublic": "2024-11-07T07:50:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eHCL BigFix Compliance is affected by unvalidated redirects and forwards. The HOST header can be manipulated by an attacker and as a result, it can poison the web cache and provide back to users being served the page.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "HCL BigFix Compliance is affected by unvalidated redirects and forwards. The HOST header can be manipulated by an attacker and as a result, it can poison the web cache and provide back to users being served the page."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "CWE-601 URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-07T08:17:56.737Z",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0117197"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "HCL BigFix Compliance is affected by unvalidated redirects and forwards",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2024-30140",
"datePublished": "2024-11-07T08:17:56.737Z",
"dateReserved": "2024-03-22T23:57:24.980Z",
"dateUpdated": "2024-11-07T14:28:47.434Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-30125 (GCVE-0-2024-30125)
Vulnerability from cvelistv5
Published
2024-07-18 17:59
Modified
2024-11-12 20:40
Severity ?
VLAI Severity ?
EPSS score ?
Summary
HCL BigFix Compliance server can respond with an HTTP status of 500, indicating a server-side error that may cause the server process to die.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| HCL Software | BigFix Compliance |
Version: 2.0.x |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-30125",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-19T17:22:43.393215Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-12T20:40:57.871Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:25:02.997Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0113886"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "BigFix Compliance",
"vendor": "HCL Software",
"versions": [
{
"status": "affected",
"version": "2.0.x"
}
]
}
],
"datePublic": "2024-07-18T17:40:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eHCL BigFix Compliance server can respond with an HTTP status of 500, indicating a server-side error that may cause the server process to die.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "HCL BigFix Compliance server can respond with an HTTP status of 500, indicating a server-side error that may cause the server process to die."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-18T19:21:24.064Z",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0113886"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "HCL BigFix Compliance is affected by an internal server error",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2024-30125",
"datePublished": "2024-07-18T17:59:48.338Z",
"dateReserved": "2024-03-22T23:57:22.507Z",
"dateUpdated": "2024-11-12T20:40:57.871Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-30142 (GCVE-0-2024-30142)
Vulnerability from cvelistv5
Published
2024-11-07 08:58
Modified
2024-11-07 14:28
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-614 - Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
Summary
HCL BigFix Compliance is affected by a missing secure flag on a cookie. If a secure flag is not set, cookies may be stolen by an attacker using XSS, resulting in unauthorized access or session cookies could be transferred over an unencrypted channel.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| HCL Software | BigFix Compliance |
Version: 2.0.11 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-30142",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-07T14:28:01.768372Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-07T14:28:08.789Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "BigFix Compliance",
"vendor": "HCL Software",
"versions": [
{
"status": "affected",
"version": "2.0.11"
}
]
}
],
"datePublic": "2024-11-07T07:50:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eHCL BigFix Compliance is affected by a missing secure flag on a cookie. If a secure flag is not set, cookies may be stolen by an attacker using XSS, resulting in unauthorized access or session cookies could be transferred over an unencrypted channel.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "HCL BigFix Compliance is affected by a missing secure flag on a cookie. If a secure flag is not set, cookies may be stolen by an attacker using XSS, resulting in unauthorized access or session cookies could be transferred over an unencrypted channel."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.8,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-614",
"description": "CWE-614 Sensitive Cookie in HTTPS Session Without \u0027Secure\u0027 Attribute",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-07T08:59:01.192Z",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0117197"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "HCL BigFix Compliance is affected by a missing secure flag on a cookie",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2024-30142",
"datePublished": "2024-11-07T08:58:42.811Z",
"dateReserved": "2024-03-22T23:57:24.981Z",
"dateUpdated": "2024-11-07T14:28:08.789Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2022-03-04 22:15
Modified
2024-11-21 05:58
Severity ?
Summary
"TLS-RSA cipher suites are not disabled in BigFix Compliance up to v2.0.5. If TLS 2.0 and secure ciphers are not enabled then an attacker can passively record traffic and later decrypt it."
References
| ▶ | URL | Tags | |
|---|---|---|---|
| psirt@hcl.com | https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0096977 | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0096977 | Mitigation, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| hcltech | bigfix_compliance | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hcltech:bigfix_compliance:*:*:*:*:*:*:*:*",
"matchCriteriaId": "53D8BC10-FBD7-4124-93EF-568EEFD6D78F",
"versionEndExcluding": "2.0.6",
"versionStartIncluding": "2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "\"TLS-RSA cipher suites are not disabled in BigFix Compliance up to v2.0.5. If TLS 2.0 and secure ciphers are not enabled then an attacker can passively record traffic and later decrypt it.\""
},
{
"lang": "es",
"value": "Los conjuntos de cifrado TLS-RSA no est\u00e1n deshabilitados en BigFix Compliance versiones hasta 2.0.5. Si TLS versi\u00f3n 2.0 y los cifrados seguros no est\u00e1n habilitados, un atacante puede grabar el tr\u00e1fico de forma pasiva y descifrarlo posteriormente"
}
],
"id": "CVE-2021-27756",
"lastModified": "2024-11-21T05:58:30.697",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-03-04T22:15:18.850",
"references": [
{
"source": "psirt@hcl.com",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0096977"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0096977"
}
],
"sourceIdentifier": "psirt@hcl.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-327"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-07-18 18:15
Modified
2025-06-17 21:02
Severity ?
Summary
HCL BigFix Compliance server can respond with an HTTP status of 500, indicating a server-side error that may cause the server process to die.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| hcltech | bigfix_compliance | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hcltech:bigfix_compliance:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F3301F5D-57E1-4FE2-8397-26C7FA083278",
"versionEndExcluding": "2.0.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "HCL BigFix Compliance server can respond with an HTTP status of 500, indicating a server-side error that may cause the server process to die."
},
{
"lang": "es",
"value": "El servidor HCL BigFix Compliance puede responder con un estado HTTP de 500, lo que indica un error del lado del servidor que puede provocar la interrupci\u00f3n del proceso del servidor."
}
],
"id": "CVE-2024-30125",
"lastModified": "2025-06-17T21:02:15.470",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.4,
"impactScore": 4.7,
"source": "psirt@hcl.com",
"type": "Secondary"
}
]
},
"published": "2024-07-18T18:15:05.460",
"references": [
{
"source": "psirt@hcl.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0113886"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0113886"
}
],
"sourceIdentifier": "psirt@hcl.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-918"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-11-07 09:15
Modified
2025-06-17 21:03
Severity ?
Summary
HCL BigFix Compliance is vulnerable to the generation of error messages containing sensitive information. Detailed error messages can provide enticement information or expose information about its environment, users, or associated data.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| psirt@hcl.com | https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0117197 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| hcltech | bigfix_compliance | 2.0.11 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hcltech:bigfix_compliance:2.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "093AEE43-3BAB-4CA4-A8FF-58E9DB3A40FA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "HCL BigFix Compliance is vulnerable to the generation of error messages containing sensitive information. Detailed error messages can provide enticement information or expose information about its environment, users, or associated data."
},
{
"lang": "es",
"value": "HCL BigFix Compliance es vulnerable a la generaci\u00f3n de mensajes de error que contienen informaci\u00f3n confidencial. Los mensajes de error detallados pueden proporcionar informaci\u00f3n incitativa o exponer informaci\u00f3n sobre su entorno, usuarios o datos asociados."
}
],
"id": "CVE-2024-30141",
"lastModified": "2025-06-17T21:03:22.573",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "psirt@hcl.com",
"type": "Secondary"
}
]
},
"published": "2024-11-07T09:15:03.707",
"references": [
{
"source": "psirt@hcl.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0117197"
}
],
"sourceIdentifier": "psirt@hcl.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-209"
}
],
"source": "psirt@hcl.com",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-11-07 09:15
Modified
2025-06-17 21:03
Severity ?
Summary
HCL BigFix Compliance is affected by a missing secure flag on a cookie. If a secure flag is not set, cookies may be stolen by an attacker using XSS, resulting in unauthorized access or session cookies could be transferred over an unencrypted channel.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| psirt@hcl.com | https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0117197 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| hcltech | bigfix_compliance | 2.0.11 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hcltech:bigfix_compliance:2.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "093AEE43-3BAB-4CA4-A8FF-58E9DB3A40FA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "HCL BigFix Compliance is affected by a missing secure flag on a cookie. If a secure flag is not set, cookies may be stolen by an attacker using XSS, resulting in unauthorized access or session cookies could be transferred over an unencrypted channel."
},
{
"lang": "es",
"value": "HCL BigFix Compliance se ve afectado por la falta de una bandera de seguridad en una cookie. Si no se establece una bandera de seguridad, un atacante puede robar las cookies mediante XSS, lo que da como resultado un acceso no autorizado o las cookies de sesi\u00f3n podr\u00edan transferirse a trav\u00e9s de un canal no cifrado."
}
],
"id": "CVE-2024-30142",
"lastModified": "2025-06-17T21:03:34.543",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.8,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.0,
"impactScore": 1.4,
"source": "psirt@hcl.com",
"type": "Secondary"
}
]
},
"published": "2024-11-07T09:15:03.907",
"references": [
{
"source": "psirt@hcl.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0117197"
}
],
"sourceIdentifier": "psirt@hcl.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-614"
}
],
"source": "psirt@hcl.com",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-07-18 20:15
Modified
2025-06-17 21:02
Severity ?
Summary
HCL BigFix Compliance is affected by a missing X-Frame-Options HTTP header which can allow an attacker to create a malicious website that embeds the target website in a frame or iframe, tricking users into performing actions on the target website without their knowledge.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| hcltech | bigfix_compliance | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hcltech:bigfix_compliance:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F3301F5D-57E1-4FE2-8397-26C7FA083278",
"versionEndExcluding": "2.0.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "HCL BigFix Compliance is affected by a missing X-Frame-Options HTTP header which can allow an attacker to create a malicious website that embeds the target website in a frame or iframe, tricking users into performing actions on the target website without their knowledge."
},
{
"lang": "es",
"value": "El cumplimiento de HCL BigFix se ve afectado por la falta de un encabezado HTTP X-Frame-Options que puede permitir a un atacante crear un sitio web malicioso que incrusta el sitio web de destino en un frame o iframe, enga\u00f1ando a los usuarios para que realicen acciones en el sitio web de destino sin su conocimiento."
}
],
"id": "CVE-2024-30126",
"lastModified": "2025-06-17T21:02:33.930",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 2.7,
"source": "psirt@hcl.com",
"type": "Secondary"
}
]
},
"published": "2024-07-18T20:15:03.967",
"references": [
{
"source": "psirt@hcl.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0113886"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0113886"
}
],
"sourceIdentifier": "psirt@hcl.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-11-07 09:15
Modified
2025-06-17 21:03
Severity ?
Summary
HCL BigFix Compliance is affected by unvalidated redirects and forwards. The HOST header can be manipulated by an attacker and as a result, it can poison the web cache and provide back to users being served the page.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| psirt@hcl.com | https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0117197 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| hcltech | bigfix_compliance | 2.0.11 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hcltech:bigfix_compliance:2.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "093AEE43-3BAB-4CA4-A8FF-58E9DB3A40FA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "HCL BigFix Compliance is affected by unvalidated redirects and forwards. The HOST header can be manipulated by an attacker and as a result, it can poison the web cache and provide back to users being served the page."
},
{
"lang": "es",
"value": "HCL BigFix Compliance se ve afectado por redirecciones y reenv\u00edos no validados. El encabezado HOST puede ser manipulado por un atacante y, como resultado, puede contaminar la memoria cach\u00e9 web y devolver la p\u00e1gina a los usuarios."
}
],
"id": "CVE-2024-30140",
"lastModified": "2025-06-17T21:03:05.410",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "psirt@hcl.com",
"type": "Secondary"
}
]
},
"published": "2024-11-07T09:15:03.480",
"references": [
{
"source": "psirt@hcl.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0117197"
}
],
"sourceIdentifier": "psirt@hcl.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-601"
}
],
"source": "psirt@hcl.com",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-05-05 19:15
Modified
2025-06-17 21:04
Severity ?
Summary
HCL BigFix Compliance is affected by an improper or missing SameSite attribute. This can lead to Cross-Site Request Forgery (CSRF) attacks, where a malicious site could trick a user's browser into making unintended requests using authenticated sessions.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| psirt@hcl.com | https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0120961 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| hcltech | bigfix_compliance | 2.0.12 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hcltech:bigfix_compliance:2.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "7311D7E0-CAA9-4487-867B-22F6D3507029",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "HCL BigFix Compliance is affected by an improper or missing SameSite attribute. This can lead to Cross-Site Request Forgery (CSRF) attacks, where a malicious site could trick a user\u0027s browser into making unintended requests using authenticated sessions."
},
{
"lang": "es",
"value": "HCL BigFix Compliance se ve afectada por un atributo SameSite incorrecto o ausente. Esto puede provocar ataques de Cross-Site Request Forgery (CSRF), donde un sitio malicioso podr\u00eda enga\u00f1ar al navegador de un usuario para que realice solicitudes no deseadas mediante sesiones autenticadas."
}
],
"id": "CVE-2024-42212",
"lastModified": "2025-06-17T21:04:05.180",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5,
"source": "psirt@hcl.com",
"type": "Secondary"
}
]
},
"published": "2025-05-05T19:15:55.353",
"references": [
{
"source": "psirt@hcl.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0120961"
}
],
"sourceIdentifier": "psirt@hcl.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-1275"
}
],
"source": "psirt@hcl.com",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-05-05 19:15
Modified
2025-06-17 21:04
Severity ?
Summary
HCL BigFix Compliance is affected by inclusion of temporary files left in the production environment. An attacker might gain access to these files by indexing or retrieved via predictable URLs or misconfigured permissions, leading to information disclosure.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| psirt@hcl.com | https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0120961 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| hcltech | bigfix_compliance | 2.0.12 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hcltech:bigfix_compliance:2.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "7311D7E0-CAA9-4487-867B-22F6D3507029",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "HCL BigFix Compliance is affected by inclusion of temporary files left in the production environment. An attacker might gain access to these files by indexing or retrieved via predictable URLs or misconfigured permissions, leading to information disclosure."
},
{
"lang": "es",
"value": "HCL BigFix Compliance se ve afectada por la inclusi\u00f3n de archivos temporales que permanecen en el entorno de producci\u00f3n. Un atacante podr\u00eda acceder a estos archivos index\u00e1ndolos o recuper\u00e1ndolos mediante URL predecibles o permisos mal configurados, lo que podr\u00eda provocar la divulgaci\u00f3n de informaci\u00f3n."
}
],
"id": "CVE-2024-42213",
"lastModified": "2025-06-17T21:04:01.143",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "psirt@hcl.com",
"type": "Secondary"
}
]
},
"published": "2025-05-05T19:15:55.500",
"references": [
{
"source": "psirt@hcl.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0120961"
}
],
"sourceIdentifier": "psirt@hcl.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-531"
}
],
"source": "psirt@hcl.com",
"type": "Secondary"
}
]
}