4 matches found
CVE-2024-23540
The HCL BigFix Inventory server is vulnerable to path traversal which enables an attacker to read internal application files from the Inventory server. The BigFix Inventory server does not properly restrict the served static file...
CVE-2024-23540 HCL BigFix Inventory is vulnerable to path traversal
The HCL BigFix Inventory server is vulnerable to path traversal which enables an attacker to read internal application files from the Inventory server. The BigFix Inventory server does not properly restrict the served static file...
CVE-2024-23540
CVE-2024-23540: The HCL BigFix Inventory server is vulnerable to a path traversal flaw that allows an attacker to read internal application files by exploiting improper restrictions on served static files. The vulnerability is mapped to CVSS 3.1: Network, Low attack complexity, Privileges Requir...
Session fixation
Session version 1.17.5 allows obtaining internal application files and public files from the user's device without the user's consent. This is possible because the application is vulnerable to Local File Read via chat attachments...