The HCL BigFix Inventory server is vulnerable to path traversal which enables an attacker to read internal application files from the Inventory server. The BigFix Inventory server does not properly restrict the served static file.

Related CVEs

CVE-2024-23540

Key Information

GHSA ID

GHSA-9gj5-whmr-7g98

Published

April 3, 2024 6:30 PM

Last Modified

April 3, 2024 6:30 PM

CVSS Score

5.0 /10

Primary Ecosystem

Unknown

Primary Package

Unknown

GitHub Reviewed

✗ No

Dataset

Last updated: September 14, 2025 6:31 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.