Sensitive Information Disclosure in HCL BigFix Compliance by HCL Technologies
CVE-2023-37525
5.3MEDIUM
What is CVE-2023-37525?
A security flaw in HCL BigFix Compliance permits remote attackers to access sensitive files located within the WEB-INF directory. These files may include critical Java class files and configuration data, which can lead to unauthorized access to the application's sensitive internals, compromising the system's integrity and confidentiality.
Affected Version(s)
BigFix Compliance 2.0.9