History: Jul 18, 2023 - 7:07 p.m.

CVE-2023-28023 HCL BigFix WebUI Software Distribution is affected by a cross site server request forgery vulnerability

2023-07-18 19:07:40
HCL
www.cve.org
cve-2023-28023
hcl bigfix
cross site request forgery
server side systems

CVSS3: 4.9 Medium

Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: LOW
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N

EPSS: 0.001 Low
Percentile: 22.9%

A cross site request forgery vulnerability in the BigFix WebUI Software Distribution interface site version 44 and before allows an NMO attacker to access files on server side systems (server machine and all the ones in its network).

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "HCL BigFix WebUI Software Distribution",
    "vendor": "HCL Software",
    "versions": [
      {
        "status": "affected",
        "version": "<=44"
      }
    ]
  }
]
