CVE-2024-30141

{"id": "CVE-2024-30141", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@hcl.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 4.7, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2024-11-07T09:15:03.707", "references": [{"url": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0117197", "tags": ["Vendor Advisory"], "source": "psirt@hcl.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "psirt@hcl.com", "description": [{"lang": "en", "value": "CWE-209"}]}], "descriptions": [{"lang": "en", "value": "HCL BigFix Compliance is vulnerable to the generation of error messages containing sensitive information. Detailed error messages can provide enticement information or expose information about its environment, users, or associated data."}, {"lang": "es", "value": "HCL BigFix Compliance es vulnerable a la generaci\u00f3n de mensajes de error que contienen informaci\u00f3n confidencial. Los mensajes de error detallados pueden proporcionar informaci\u00f3n incitativa o exponer informaci\u00f3n sobre su entorno, usuarios o datos asociados."}], "lastModified": "2025-06-17T21:03:22.573", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:hcltech:bigfix_compliance:2.0.11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "093AEE43-3BAB-4CA4-A8FF-58E9DB3A40FA"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@hcl.com"}