{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-30141","assignerOrgId":"1e47fe04-f25f-42fa-b674-36de2c5e3cfc","state":"PUBLISHED","assignerShortName":"HCL","dateReserved":"2024-03-22T23:57:24.981Z","datePublished":"2024-11-07T08:36:13.573Z","dateUpdated":"2024-11-07T14:28:28.086Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"BigFix Compliance","vendor":"HCL Software","versions":[{"status":"affected","version":"2.0.11"}]}],"datePublic":"2024-11-07T07:50:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<span style=\"background-color: rgb(255, 255, 255);\">HCL BigFix Compliance is vulnerable to the generation of error messages containing sensitive information.  Detailed error messages can provide enticement information or expose information about its environment, users, or associated data.</span><br>"}],"value":"HCL BigFix Compliance is vulnerable to the generation of error messages containing sensitive information.  Detailed error messages can provide enticement information or expose information about its environment, users, or associated data."}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"LOW","baseScore":4.7,"baseSeverity":"MEDIUM","confidentialityImpact":"NONE","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"CHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:L","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-209","description":"CWE-209 Generation of Error Message Containing Sensitive Information","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"1e47fe04-f25f-42fa-b674-36de2c5e3cfc","shortName":"HCL","dateUpdated":"2024-11-07T08:36:13.573Z"},"references":[{"url":"https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0117197"}],"source":{"discovery":"UNKNOWN"},"title":"HCL BigFix Compliance is vulnerable to the generation of error messages containing sensitive information","x_generator":{"engine":"Vulnogram 0.2.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-11-07T14:28:21.005823Z","id":"CVE-2024-30141","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-11-07T14:28:28.086Z"}}]}}