CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-42213 – HCL BigFix Compliance is affected by inclusion of temporary files left in the production environment
https://notcve.org/view.php?id=CVE-2024-42213
05 May 2025 — HCL BigFix Compliance is affected by inclusion of temporary files left in the production environment. An attacker might gain access to these files by indexing or retrieved via predictable URLs or misconfigured permissions, leading to information disclosure. • https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0120961 • CWE-531: Inclusion of Sensitive Information in Test Code •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-42212 – HCL BigFix Compliance is affected by an improper or missing SameSite attribute
https://notcve.org/view.php?id=CVE-2024-42212
05 May 2025 — HCL BigFix Compliance is affected by an improper or missing SameSite attribute. This can lead to Cross-Site Request Forgery (CSRF) attacks, where a malicious site could trick a user's browser into making unintended requests using authenticated sessions. • https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0120961 • CWE-1275: Sensitive Cookie with Improper SameSite Attribute •