Vulnerabilities related to hcltech - bigfix_webui
Vulnerability from fkie_nvd
Published
2023-07-18 20:15
Modified
2024-11-21 07:53
Summary
A cross-site request forgery (CSRF) vulnerability in the BigFix WebUI Software Distribution interface site version 44 and before allows an NMO (non-master operator) attacker to access files on server-side systems (the server machine and all the ones in its network).
Impacted products
Vendor Product Version
hcltech bigfix_webui *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:hcltech:bigfix_webui:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "965E891B-99EF-4048-9330-C2F9EF2E3CB3",
                     versionEndIncluding: "44",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A cross site request forgery vulnerability in the BigFix WebUI Software Distribution interface site version 44 and before allows an NMO attacker to access files on server side systems (server machine and all the ones in its network). \n",
      },
   ],
   id: "CVE-2023-28023",
   lastModified: "2024-11-21T07:53:57.133",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 4.9,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "LOW",
               scope: "CHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 1.8,
            impactScore: 2.7,
            source: "psirt@hcl.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2023-07-18T20:15:09.593",
   references: [
      {
         source: "psirt@hcl.com",
         url: "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0106123",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0106123",
      },
   ],
   sourceIdentifier: "psirt@hcl.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-352",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2022-05-06 18:15
Modified
2024-11-21 05:58
Summary
Cookie without HTTPONLY flag set. NUMBER cookie(s) was set without Secure or HTTPOnly flags. The images show the cookie with the missing flag. (WebUI)
Impacted products
Vendor Product Version
hcltech bigfix_webui -



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:hcltech:bigfix_webui:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "C4C67E2C-F0FA-45EE-B69E-51AFA1BAD99A",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Cookie without HTTPONLY flag set. NUMBER cookie(s) was set without Secure or HTTPOnly flags. The images show the cookie with the missing flag. (WebUI)",
      },
      {
         lang: "es",
         value: "Cookie sin el flag HTTPONLY establecido. La cookie de NUMBER fue establecida sin los flags Secure o HTTPOnly. Las imágenes muestran la cookie con el flag que falta. (WebUI)",
      },
   ],
   id: "CVE-2021-27764",
   lastModified: "2024-11-21T05:58:31.447",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 7.4,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 4,
            source: "psirt@hcl.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2022-05-06T18:15:08.910",
   references: [
      {
         source: "psirt@hcl.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0097778",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0097778",
      },
   ],
   sourceIdentifier: "psirt@hcl.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-614",
            },
         ],
         source: "psirt@hcl.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-311",
            },
            {
               lang: "en",
               value: "CWE-732",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2022-12-21 17:15
Modified
2024-11-21 07:16
Summary
BigFix WebUI non-master operators are missing controls that prevent them from being able to modify the relevance of fixlets or to deploy fixlets from the BES Support external site.
Impacted products
Vendor Product Version
hcltech bigfix_webui 20



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:hcltech:bigfix_webui:20:*:*:*:*:*:*:*",
                     matchCriteriaId: "05C3C4C5-66D4-4F21-B199-B50A3EB87A8A",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "BigFix WebUI non-master operators are missing controls that prevent them from being able to modify the relevance of fixlets or to deploy fixlets from the BES Support external site. \n",
      },
      {
         lang: "es",
         value: "A los operadores no maestros de BigFix WebUI les faltan controles que les impiden modificar la relevancia de los fixlets o implementar fixlets desde el sitio externo de soporte de BES.",
      },
   ],
   id: "CVE-2022-38655",
   lastModified: "2024-11-21T07:16:52.390",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "LOW",
               baseScore: 6.4,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "LOW",
               privilegesRequired: "LOW",
               scope: "CHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L",
               version: "3.1",
            },
            exploitabilityScore: 3.1,
            impactScore: 2.7,
            source: "psirt@hcl.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 5.8,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 1.4,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2022-12-21T17:15:09.430",
   references: [
      {
         source: "psirt@hcl.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0102140",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0102140",
      },
   ],
   sourceIdentifier: "psirt@hcl.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2023-07-18 19:15
Modified
2024-11-21 07:53
Summary
The BigFix WebUI uses weak cipher suites.
Impacted products
Vendor Product Version
hcltech bigfix_webui -



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:hcltech:bigfix_webui:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "C4C67E2C-F0FA-45EE-B69E-51AFA1BAD99A",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The BigFix WebUI uses weak cipher suites.\n",
      },
   ],
   id: "CVE-2023-28021",
   lastModified: "2024-11-21T07:53:56.897",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 5.9,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.2,
            impactScore: 3.6,
            source: "psirt@hcl.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2023-07-18T19:15:09.503",
   references: [
      {
         source: "psirt@hcl.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0106123",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0106123",
      },
   ],
   sourceIdentifier: "psirt@hcl.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-326",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-07-17 21:15
Modified
2024-11-21 05:32
Summary
HCL BigFix WebUI is vulnerable to stored cross-site scripting (XSS) within the Apps->Software module. An attacker can use XSS to send a malicious script to an unsuspecting user. This affects all versions prior to the latest releases, as specified in https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0080855&sys_kb_id=971d99ed1b8ed01c086dcbfc0a4bcb6a.
Impacted products
Vendor Product Version
hcltech bigfix_webui -



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:hcltech:bigfix_webui:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "C4C67E2C-F0FA-45EE-B69E-51AFA1BAD99A",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "HCL BigFix WebUI is vulnerable to stored cross-site scripting (XSS) within the Apps->Software module. An attacker can use XSS to send a malicious script to an unsuspecting user. This affects all versions prior to latest releases as specified in https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0080855&sys_kb_id=971d99ed1b8ed01c086dcbfc0a4bcb6a.",
      },
      {
         lang: "es",
         value: "HCL BigFix WebUI es vulnerable a un ataque de tipo cross-site scripting (XSS) almacenado dentro del módulo Apps->Software. Un atacante puede usar XSS para enviar un script malicioso a un usuario desprevenido. Esto afecta a todas las versiones anteriores a las últimas versiones como se especifica en https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0080855&sys_kb_id=971d99ed1b8ed01c086dcbfc0a4bcb6a",
      },
   ],
   id: "CVE-2020-4104",
   lastModified: "2024-11-21T05:32:17.553",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "LOW",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "NONE",
               baseScore: 3.5,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 6.8,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 5.4,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "LOW",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.3,
            impactScore: 2.7,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-07-17T21:15:13.547",
   references: [
      {
         source: "psirt@hcl.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0080855",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0080855",
      },
   ],
   sourceIdentifier: "psirt@hcl.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2023-07-18 18:15
Modified
2024-11-21 07:53
Summary
Insufficient validation in the BigFix WebUI API App site, versions earlier than 14, allows an authenticated WebUI user to issue SQL queries via an unparameterized SQL query.
Impacted products
Vendor Product Version
hcltech bigfix_webui *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:hcltech:bigfix_webui:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "B72ABF7B-9150-4F0D-826C-7EBC8B150C1A",
                     versionEndExcluding: "14",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Insufficient validation in Bigfix WebUI API App site version < 14 allows an authenticated WebUI user to issue SQL queries via an unparameterized SQL query.\n",
      },
   ],
   id: "CVE-2023-28019",
   lastModified: "2024-11-21T07:53:56.653",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "LOW",
               baseScore: 5.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
               version: "3.1",
            },
            exploitabilityScore: 2.1,
            impactScore: 3.4,
            source: "psirt@hcl.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2023-07-18T18:15:11.817",
   references: [
      {
         source: "psirt@hcl.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0106123",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0106123",
      },
   ],
   sourceIdentifier: "psirt@hcl.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-89",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2023-07-18 19:15
Modified
2024-11-21 07:53
Summary
URL redirection in the login page of HCL BigFix WebUI allows a malicious user to redirect the client browser to an external site via the redirect URL response header.
Impacted products
Vendor Product Version
hcltech bigfix_webui -



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:hcltech:bigfix_webui:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "C4C67E2C-F0FA-45EE-B69E-51AFA1BAD99A",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: " URL redirection in Login page in HCL BigFix WebUI allows malicious user to redirect the client browser to an external site via redirect URL response header.\n",
      },
   ],
   id: "CVE-2023-28020",
   lastModified: "2024-11-21T07:53:56.780",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 4.7,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 1.4,
            source: "psirt@hcl.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.7,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2023-07-18T19:15:09.437",
   references: [
      {
         source: "psirt@hcl.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0106123",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0106123",
      },
   ],
   sourceIdentifier: "psirt@hcl.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-601",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

cve-2023-28020
Vulnerability from cvelistv5
Published
2023-07-18 18:09
Modified
2024-10-21 15:35
Summary
URL redirection in the login page of HCL BigFix WebUI allows a malicious user to redirect the client browser to an external site via the redirect URL response header.
Impacted products


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T12:23:30.870Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0106123",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2023-28020",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-10-21T15:34:55.819707Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-10-21T15:35:13.891Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               product: "HCL BigFix WebUI",
               vendor: "HCL Software",
               versions: [
                  {
                     status: "affected",
                     version: "All",
                  },
               ],
            },
         ],
         datePublic: "2023-07-18T16:00:00.000Z",
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "<span style=\"background-color: rgb(255, 255, 255);\">&nbsp;</span><span style=\"background-color: rgb(255, 255, 255);\">URL redirection in Login page in HCL BigFix WebUI allows malicious user to redirect the client browser to an external site via redirect URL response header.</span><br>",
                  },
               ],
               value: " URL redirection in Login page in HCL BigFix WebUI allows malicious user to redirect the client browser to an external site via redirect URL response header.\n",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 4.7,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "CHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-07-18T18:09:13.190Z",
            orgId: "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
            shortName: "HCL",
         },
         references: [
            {
               url: "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0106123",
            },
         ],
         source: {
            discovery: "UNKNOWN",
         },
         title: "URL redirection affects BigFix WebUI",
         x_generator: {
            engine: "Vulnogram 0.1.0-dev",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
      assignerShortName: "HCL",
      cveId: "CVE-2023-28020",
      datePublished: "2023-07-18T18:09:13.190Z",
      dateReserved: "2023-03-10T03:59:29.453Z",
      dateUpdated: "2024-10-21T15:35:13.891Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-28019
Vulnerability from cvelistv5
Published
2023-07-18 17:57
Modified
2024-10-21 15:56
Summary
Insufficient validation in the BigFix WebUI API App site, versions earlier than 14, allows an authenticated WebUI user to issue SQL queries via an unparameterized SQL query.
Impacted products


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T12:23:30.816Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0106123",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2023-28019",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-10-21T15:56:13.341039Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-10-21T15:56:44.807Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               product: "HCL BigFix WebUI API",
               vendor: "HCL Software",
               versions: [
                  {
                     status: "affected",
                     version: "< 14",
                  },
               ],
            },
         ],
         datePublic: "2023-07-18T16:00:00.000Z",
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "<span style=\"background-color: rgb(255, 255, 255);\">Insufficient validation in Bigfix WebUI API App site version &lt; 14 allows an authenticated WebUI user to issue SQL queries via an unparameterized SQL query.</span><br>",
                  },
               ],
               value: "Insufficient validation in Bigfix WebUI API App site version < 14 allows an authenticated WebUI user to issue SQL queries via an unparameterized SQL query.\n",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "LOW",
                  baseScore: 5.5,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  integrityImpact: "LOW",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-07-18T17:57:23.111Z",
            orgId: "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
            shortName: "HCL",
         },
         references: [
            {
               url: "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0106123",
            },
         ],
         source: {
            discovery: "UNKNOWN",
         },
         title: "An SQL injection affects BigFix WebUI API",
         x_generator: {
            engine: "Vulnogram 0.1.0-dev",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
      assignerShortName: "HCL",
      cveId: "CVE-2023-28019",
      datePublished: "2023-07-18T17:57:23.111Z",
      dateReserved: "2023-03-10T03:59:29.452Z",
      dateUpdated: "2024-10-21T15:56:44.807Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-28021
Vulnerability from cvelistv5
Published
2023-07-18 18:55
Modified
2024-10-21 15:35
Summary
The BigFix WebUI uses weak cipher suites.
Impacted products


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T12:23:30.804Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0106123",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2023-28021",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-10-21T15:34:49.999796Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-10-21T15:35:37.122Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               product: "HCL BigFix WebUI",
               vendor: "HCL Software",
               versions: [
                  {
                     status: "affected",
                     version: "All",
                  },
               ],
            },
         ],
         datePublic: "2023-07-18T16:00:00.000Z",
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "<span style=\"background-color: rgb(255, 255, 255);\">The BigFix WebUI uses weak cipher suites.</span><br>",
                  },
               ],
               value: "The BigFix WebUI uses weak cipher suites.\n",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "HIGH",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 5.9,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-07-18T18:55:20.641Z",
            orgId: "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
            shortName: "HCL",
         },
         references: [
            {
               url: "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0106123",
            },
         ],
         source: {
            discovery: "UNKNOWN",
         },
         title: "BigFix WebUI is vulnerable to use of a risky cryptographic algorithm ",
         x_generator: {
            engine: "Vulnogram 0.1.0-dev",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
      assignerShortName: "HCL",
      cveId: "CVE-2023-28021",
      datePublished: "2023-07-18T18:55:20.641Z",
      dateReserved: "2023-03-10T03:59:29.453Z",
      dateUpdated: "2024-10-21T15:35:37.122Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-4104
Vulnerability from cvelistv5
Published
2020-07-17 20:46
Modified
2024-08-04 07:52
Severity ?
Summary
HCL BigFix WebUI is vulnerable to stored cross-site scripting (XSS) within the Apps->Software module. An attacker can use XSS to send a malicious script to an unsuspecting user. This affects all versions prior to latest releases as specified in https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0080855&sys_kb_id=971d99ed1b8ed01c086dcbfc0a4bcb6a.
Impacted products
Vendor Product Version
HCL HCL BigFix WebUI Version: All versions prior to latest releases


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T07:52:20.943Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0080855",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "HCL BigFix WebUI",
               vendor: "HCL",
               versions: [
                  {
                     status: "affected",
                     version: "All versions prior to latest releases",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "HCL BigFix WebUI is vulnerable to stored cross-site scripting (XSS) within the Apps->Software module. An attacker can use XSS to send a malicious script to an unsuspecting user. This affects all versions prior to latest releases as specified in https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0080855&sys_kb_id=971d99ed1b8ed01c086dcbfc0a4bcb6a.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "\"Cross-site scripting\"",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-07-17T20:46:39",
            orgId: "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
            shortName: "HCL",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0080855",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@hcl.com",
               ID: "CVE-2020-4104",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "HCL BigFix WebUI",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "All versions prior to latest releases",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "HCL",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "HCL BigFix WebUI is vulnerable to stored cross-site scripting (XSS) within the Apps->Software module. An attacker can use XSS to send a malicious script to an unsuspecting user. This affects all versions prior to latest releases as specified in https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0080855&sys_kb_id=971d99ed1b8ed01c086dcbfc0a4bcb6a.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "\"Cross-site scripting\"",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0080855",
                     refsource: "CONFIRM",
                     url: "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0080855",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
      assignerShortName: "HCL",
      cveId: "CVE-2020-4104",
      datePublished: "2020-07-17T20:46:39",
      dateReserved: "2019-12-30T00:00:00",
      dateUpdated: "2024-08-04T07:52:20.943Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-27764
Vulnerability from cvelistv5
Published
2022-05-06 18:10
Modified
2024-09-16 19:09
Summary
Cookie without HTTPONLY flag set. NUMBER cookie(s) was set without Secure or HTTPOnly flags. The images show the cookie with the missing flag. (WebUI)
Impacted products


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T21:26:10.812Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0097778",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "HCL BigFix WebUI",
               vendor: "HCL Software",
               versions: [
                  {
                     status: "affected",
                     version: "9.0, 10.0",
                  },
               ],
            },
         ],
         datePublic: "2022-04-07T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Cookie without HTTPONLY flag set. NUMBER cookie(s) was set without Secure or HTTPOnly flags. The images show the cookie with the missing flag. (WebUI)",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 7.4,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "CHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-614",
                     description: "CWE-614 Sensitive Cookie in HTTPS Session Without 'Secure' Attribute",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-05-09T20:15:11",
            orgId: "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
            shortName: "HCL",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0097778",
            },
         ],
         source: {
            discovery: "UNKNOWN",
         },
         title: "HCL BigFix WebUI Cookie missing attributes",
         x_generator: {
            engine: "Vulnogram 0.0.9",
         },
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@hcl.com",
               DATE_PUBLIC: "2022-04-07T00:00:00.000Z",
               ID: "CVE-2021-27764",
               STATE: "PUBLIC",
               TITLE: "HCL BigFix WebUI Cookie missing attributes",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "HCL BigFix WebUI",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "9.0, 10.0",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "HCL Software",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Cookie without HTTPONLY flag set. NUMBER cookie(s) was set without Secure or HTTPOnly flags. The images show the cookie with the missing flag. (WebUI)",
                  },
               ],
            },
            generator: {
               engine: "Vulnogram 0.0.9",
            },
            impact: {
               cvss: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 6.5,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "CHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
                  version: "3.1",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-614 Sensitive Cookie in HTTPS Session Without 'Secure' Attribute",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0097778",
                     refsource: "MISC",
                     url: "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0097778",
                  },
               ],
            },
            source: {
               discovery: "UNKNOWN",
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
      assignerShortName: "HCL",
      cveId: "CVE-2021-27764",
      datePublished: "2022-05-06T18:10:35.347152Z",
      dateReserved: "2021-02-26T00:00:00",
      dateUpdated: "2024-09-16T19:09:03.206Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-38655
Vulnerability from cvelistv5
Published
2022-12-20 04:51
Modified
2024-08-03 11:02
Summary
BigFix WebUI non-master operators are missing controls that prevent them from being able to modify the relevance of fixlets or to deploy fixlets from the BES Support external site.
Impacted products


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T11:02:14.043Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0102140",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               product: "BigFix WebUI",
               vendor: "HCL Software",
               versions: [
                  {
                     status: "affected",
                     version: "20",
                  },
               ],
            },
         ],
         datePublic: "2022-12-20T04:23:00.000Z",
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "<span style=\"background-color: rgb(255, 255, 255);\">BigFix WebUI non-master operators are missing controls that prevent them from being able to modify the relevance of fixlets or to deploy fixlets from the BES Support external site. </span><br>",
                  },
               ],
               value: "BigFix WebUI non-master operators are missing controls that prevent them from being able to modify the relevance of fixlets or to deploy fixlets from the BES Support external site. \n",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "LOW",
                  baseScore: 6.4,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "NONE",
                  integrityImpact: "LOW",
                  privilegesRequired: "LOW",
                  scope: "CHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-12-21T01:21:43.830108Z",
            orgId: "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
            shortName: "HCL",
         },
         references: [
            {
               url: "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0102140",
            },
         ],
         source: {
            discovery: "UNKNOWN",
         },
         title: "HCL BigFix WebUI is affected by a missing-permission-check vulnerability",
         x_generator: {
            engine: "Vulnogram 0.1.0-dev",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
      assignerShortName: "HCL",
      cveId: "CVE-2022-38655",
      datePublished: "2022-12-20T04:51:01.413Z",
      dateReserved: "2022-08-22T16:31:27.394Z",
      dateUpdated: "2024-08-03T11:02:14.043Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-28023
Vulnerability from cvelistv5
Published
2023-07-18 19:07
Modified
2024-10-21 14:36
Summary
A cross-site request forgery vulnerability in the BigFix WebUI Software Distribution interface site version 44 and before allows a non-master operator (NMO) attacker to access files on server-side systems (the server machine and all the machines in its network).


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T12:23:30.862Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0106123",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2023-28023",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-10-21T14:35:47.771695Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-10-21T14:36:00.258Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               product: "HCL BigFix WebUI Software Distribution",
               vendor: "HCL Software",
               versions: [
                  {
                     status: "affected",
                     version: "<=44",
                  },
               ],
            },
         ],
         datePublic: "2023-07-18T16:00:00.000Z",
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "<span style=\"background-color: rgb(255, 255, 255);\">A cross site request forgery vulnerability in the BigFix WebUI Software Distribution interface site version 44 and before allows an NMO attacker to access files on server side systems (server machine and all the ones in its network).&nbsp;</span><br>",
                  },
               ],
               value: "A cross site request forgery vulnerability in the BigFix WebUI Software Distribution interface site version 44 and before allows an NMO attacker to access files on server side systems (server machine and all the ones in its network). \n",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "HIGH",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 4.9,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  integrityImpact: "LOW",
                  privilegesRequired: "LOW",
                  scope: "CHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-08-01T00:45:42.530Z",
            orgId: "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
            shortName: "HCL",
         },
         references: [
            {
               url: "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0106123",
            },
         ],
         source: {
            discovery: "UNKNOWN",
         },
         title: "HCL BigFix WebUI Software Distribution is affected by a cross site server request forgery vulnerability",
         x_generator: {
            engine: "Vulnogram 0.1.0-dev",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
      assignerShortName: "HCL",
      cveId: "CVE-2023-28023",
      datePublished: "2023-07-18T19:07:40.553Z",
      dateReserved: "2023-03-10T03:59:29.453Z",
      dateUpdated: "2024-10-21T14:36:00.258Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}