cvelist | HCL | CVELIST:CVE-2023-28019
History: Jul 18, 2023 - 5:57 p.m.

CVE-2023-28019 An SQL injection affects BigFix WebUI API

2023-07-18 17:57:23
HCL
www.cve.org
cve-2023-28019
sql injection
bigfix webui api
insufficient validation

CVSS3: 5.5 Medium

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

AI Score: 8.9 High
Confidence: High

EPSS: 0.001 Low
Percentile: 24.9%

Insufficient validation in BigFix WebUI API App site version < 14 allows an authenticated WebUI user to issue SQL queries via an unparameterized SQL query.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "HCL BigFix WebUI API",
    "vendor": "HCL Software",
    "versions": [
      {
        "status": "affected",
        "version": "< 14"
      }
    ]
  }
]
