CVE-2024-23540

MEDIUM

HCL BigFix Inventory - Path Traversal

Title source: llm

Description

The HCL BigFix Inventory server is vulnerable to path traversal which enables an attacker to read internal application files from the Inventory server. The BigFix Inventory server does not properly restrict the served static file.

References (1)

Core 1

Core References

Various Sources

https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0112015

Scores

CVSS v3 5.3

EPSS 0.0058

EPSS Percentile 43.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-22

Status published

Products (1)

HCL Software/BigFix Inventory 9.x, 10.x

Published Apr 03, 2024

Tracked Since Feb 18, 2026