Lucene search

HCLCVELIST:CVE-2023-28014

HistoryJul 26, 2023 - 11:31 p.m.

CVE-2023-28014 HCL BigFix Mobile can be affected by a cross-site scripting (XSS) vulnerability

2023-07-2623:31:16

HCL

www.cve.org

cve-2023-28014

hcl bigfix mobile

cross-site scripting

authenticated attacker

malicious scripts

6.6 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:L

0.0005 Low

EPSS

Percentile

18.0%

JSON

HCL BigFix Mobile is vulnerable to a cross-site scripting attack. An authenticated attacker could inject malicious scripts into the application.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "HCL BigFix Mobile",
    "vendor": "HCL Software ",
    "versions": [
      {
        "status": "affected",
        "version": "3.0"
      }
    ]
  }
]

References

support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0106371

6.6 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:L

0.0005 Low

EPSS

Percentile

18.0%

JSON

Related for CVELIST:CVE-2023-28014