CVE-2023-37525 MEDIUM

CVE-2023-37525: HCL BigFix Compliance is vulnerable to a sensitive information disclosure

Vendor: Hclsoftware
Product: BigFix Compliance
Weakness: CWE-497
Published: January 28, 2026
Last update: January 29, 2026

CVSS base score

5.3/10
Attack vector: Network
Attack complexity: Low
Privileges required: None
User interaction: None
Confidentiality: Low
Integrity: None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01 Description

A sensitive information disclosure in HCL BigFix Compliance allows a remote attacker to access files under the WEB-INF directory, which may contain Java class files and configuration information, leading to unauthorized access to application internals.

Key dates

02 Disclosure timeline

January 28, 2026: CVE published
January 29, 2026: Record updated
