CNNVD-202511-415 Information

Nov 05, 2025 cve

CNNVD ID

CNNVD-202511-415

CVE-2025-52602

CNNVD Published: 2025-11-05

Description (Chinese)

HCL BigFix Query是印度HCL公司的一个实时查询和收集系统状态数据的模块。 HCL BigFix Query存在安全漏洞，该漏洞源于WebUI Query应用程序中的HTTP GET端点请求返回可发现的响应，可能泄露组名和活动用户名或ID，攻击者可利用该信息进行钓鱼或其他社会工程攻击。

Description (English)

HCL BigFix Query is a module of HCL India for real-time searching and collecting system status data. HCL BigFix Query has a security loophole, which stems from the HTTP GET endpoint in a WebUI Query application requesting the return of a detectable response that may reveal the name of the group and the user of the activity or ID, which can be used by the attackers to fish or other social engineering attacks.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

HCL

Published

2025-11-05

Last Modified

2026-02-24

References

https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0124950

Patch

https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0124950

Share on: