CVE-2024-23540

{"id": "CVE-2024-23540", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@hcl.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2024-04-03T17:15:50.450", "references": [{"url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0112015", "source": "psirt@hcl.com"}, {"url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0112015", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "The HCL BigFix Inventory server is vulnerable to path traversal which enables an attacker to read internal application files from the Inventory server. The BigFix Inventory server does not properly restrict the served static file.\n"}, {"lang": "es", "value": "El servidor HCL BigFix Inventory es vulnerable al path traversal, lo que permite a un atacante leer archivos de aplicaciones internas desde el servidor de Inventory. El servidor de BigFix Inventory no restringe adecuadamente el archivo est\u00e1tico servido."}], "lastModified": "2024-11-21T08:57:55.270", "sourceIdentifier": "psirt@hcl.com"}