fkie_nvd - fkie_cve-2025-52619

fkie_cve-2025-52619

Vulnerability from fkie_nvd

Published

2025-08-15 23:15

Modified

2025-08-18 20:16

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Summary

HCL BigFix SaaS Authentication Service is affected by a sensitive information disclosure. Under certain conditions, error messages disclose sensitive version information about the underlying platform.

References

▶	URL	Tags
	psirt@hcl.com	https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0123330

Impacted products

	Vendor	Product	Version

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "HCL BigFix SaaS Authentication Service is affected by a sensitive information disclosure.  Under certain conditions, error messages disclose sensitive version information about the underlying platform."
    },
    {
      "lang": "es",
      "value": "HCL BigFix SaaS Authentication Service se ve afectado por una filtraci\u00f3n de informaci\u00f3n confidencial. En determinadas circunstancias, los mensajes de error revelan informaci\u00f3n confidencial sobre la versi\u00f3n de la plataforma subyacente."
    }
  ],
  "id": "CVE-2025-52619",
  "lastModified": "2025-08-18T20:16:28.750",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "psirt@hcl.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-08-15T23:15:26.343",
  "references": [
    {
      "source": "psirt@hcl.com",
      "url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0123330"
    }
  ],
  "sourceIdentifier": "psirt@hcl.com",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-209"
        }
      ],
      "source": "psirt@hcl.com",
      "type": "Secondary"
    }
  ]
}

CVE-2025-52619 (GCVE-0-2025-52619)

Vulnerability from cvelistv5

Published

2025-08-15 22:48

Modified

2025-08-18 14:51

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE

CWE-209 - Generation of Error Message Containing Sensitive Information

Summary

HCL BigFix SaaS Authentication Service is affected by a sensitive information disclosure. Under certain conditions, error messages disclose sensitive version information about the underlying platform.

References

►

URL

Tags

https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0123330

Impacted products

	Vendor	Product	Version
	HCL Software	BigFix SaaS Remediate	Version: < 8.1.14

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-52619",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-18T14:51:02.433523Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-18T14:51:20.516Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "BigFix SaaS Remediate",
          "vendor": "HCL Software",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 8.1.14"
            }
          ]
        }
      ],
      "datePublic": "2025-08-15T22:45:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "HCL BigFix SaaS Authentication Service is affected by a sensitive information disclosure.  Under certain conditions, error messages disclose sensitive version information about the underlying platform.\u003cbr\u003e"
            }
          ],
          "value": "HCL BigFix SaaS Authentication Service is affected by a sensitive information disclosure.  Under certain conditions, error messages disclose sensitive version information about the underlying platform."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-209",
              "description": "CWE-209 Generation of Error Message Containing Sensitive Information",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-15T22:48:40.096Z",
        "orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
        "shortName": "HCL"
      },
      "references": [
        {
          "url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0123330"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "HCL BigFix SaaS Authentication Service is affected by a sensitive information disclosure",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
    "assignerShortName": "HCL",
    "cveId": "CVE-2025-52619",
    "datePublished": "2025-08-15T22:48:40.096Z",
    "dateReserved": "2025-06-18T14:00:40.357Z",
    "dateUpdated": "2025-08-18T14:51:20.516Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Log in or create an account to share your comment.

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.