CVE-2024-42213

EUVD-2025-13437
HCL BigFix Compliance is affected by inclusion of temporary files left in the production environment.  An attacker might gain access to these files by indexing or retrieved via predictable URLs or misconfigured permissions, leading to information disclosure.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
HCLCNA
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 55%
Affected Products (NVD)
VendorProductVersion
hcltechbigfix_compliance
2.0.12
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0120961