CVE-2024-30141 Vulnerability Details

  /     /     /  

CVE-2024-30141 Metadata Quick Info

CVE Published: 07/11/2024 | CVE Updated: 07/11/2024 | CVE Year: 2024
Source: HCL | Vendor: HCL Software | Product: BigFix Compliance
Status : PUBLISHED

---

CVE-2024-30141 Description

HCL BigFix Compliance is vulnerable to the generation of error messages containing sensitive information. Detailed error messages can provide enticement information or expose information about its environment, users, or associated data.

Metrics

CVSS Version: 3.1 | Base Score: 4.7 MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:L

l➤ Exploitability Metrics:
    Attack Vector (AV)* NETWORK
    Attack Complexity (AC)* LOW
    Privileges Required (PR)* NONE
    User Interaction (UI)* REQUIRED
    Scope (S)* CHANGED

l➤ Impact Metrics:
    Confidentiality Impact (C)* NONE
    Integrity Impact (I)* NONE
    Availability Impact (A)* LOW

Weakness Enumeration (CWE)

CWE-ID: CWE-209
CWE Name: CWE-209 Generation of Error Message Containing Sensitive Information
Source: HCL Software

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).