History: Dec 21, 2023 - 11:15 p.m.

CVE-2023-37520

2023-12-21 23:15:08
CWE-79
web.nvd.nist.gov
cve-2023-37520
unauthenticated
stored xss
bigfix server
vulnerability
data exfiltration
nvd

CVSS3: 7.7 High

Attack Vector: LOCAL
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

EPSS: 0.0005 Low
Percentile: 17.1%

Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability identified in BigFix Server version 9.5.12.68, allowing for potential data exfiltration. This XSS vulnerability is in the Gather Status Report, which is served by the BigFix Relay.

Affected configurations

NVD
Node
hcltech bigfix_platform Range 9.5–9.5.23
OR
hcltech bigfix_platform Range 10.0.0–10.0.10
OR
hcltech bigfix_platform Match 11.0.0

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "HCL BigFix Platform",
    "vendor": "HCL Software",
    "versions": [
      {
        "status": "affected",
        "version": "9.5.x, 10.0.x, 11.0.0"
      }
    ]
  }
]
