Описание
HCL BigFix Query is affected by a sensitive information disclosure in the WebUI Query application. An HTTP GET endpoint request returns discoverable responses that may disclose: group names, active user names (or IDs). An attacker can use that information to target individuals with phishing or other social-engineering attacks.
EPSS
Процентиль: 12%
0.00041
Низкий
4.2 Medium
CVSS3
Дефекты
CWE-359
Связанные уязвимости
CVSS3: 4.2
github
3 месяца назад
HCL BigFix Query is affected by a sensitive information disclosure in the WebUI Query application. An HTTP GET endpoint request returns discoverable responses that may disclose: group names, active user names (or IDs). An attacker can use that information to target individuals with phishing or other social-engineering attacks.
EPSS
Процентиль: 12%
0.00041
Низкий
4.2 Medium
CVSS3
Дефекты
CWE-359