CVE-2025-52602

{"id": "CVE-2025-52602", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@hcl.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.2, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 1.6}]}, "published": "2025-11-05T15:15:39.337", "references": [{"url": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0124950", "source": "psirt@hcl.com"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Secondary", "source": "psirt@hcl.com", "description": [{"lang": "en", "value": "CWE-359"}]}], "descriptions": [{"lang": "en", "value": "HCL BigFix Query is affected by a sensitive information disclosure in the WebUI Query application. \u00a0An HTTP GET endpoint request returns discoverable responses that may disclose: group names, active user names (or IDs). \u00a0An attacker can use that information to target individuals with phishing or other social-engineering attacks."}, {"lang": "es", "value": "HCL BigFix Query se ve afectado por una divulgaci\u00f3n de informaci\u00f3n de informaci\u00f3n sensible en la aplicaci\u00f3n WebUI Query. Una solicitud de punto final HTTP GET devuelve respuestas detectables que pueden revelar: nombres de grupo, nombres de usuario activos (o ID). Un atacante puede usar esa informaci\u00f3n para atacar a individuos con phishing u otros ataques de ingenier\u00eda social."}], "lastModified": "2026-04-15T00:35:42.020", "sourceIdentifier": "psirt@hcl.com"}