cve-2023-37529
Vulnerability from cvelistv5
Published
2024-02-02 19:45
Modified
2024-08-02 17:16
Severity
Summary
A cross-site scripting (XSS) vulnerability affects HCL BigFix Platform
References
Impacted products
| Vendor | Product |
|---|---|
| HCL Software | BigFix Platform |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-37529",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-29T18:40:45.935779Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:24:40.429Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:16:30.546Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0110209"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "BigFix Platform",
"vendor": "HCL Software",
"versions": [
{
"status": "affected",
"version": "9.5 - 9.5.23, 10 - 10.0.10"
}
]
}
],
"datePublic": "2024-02-02T14:10:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA c\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eross-site scripting (XSS) vulnerability in the \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eWeb Reports component of \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eHCL BigFix Platform\u003c/span\u003e\u003c/span\u003e \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ecan possibly allow an attacker \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eto execute \u003c/span\u003emalicious javascript code into a webpage trying to retrieve cookie stored information. This is not the same vulnerability as identified in CVE-2023-37530.\u003c/span\u003e\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "A cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attacker to execute malicious javascript code into a webpage trying to retrieve cookie stored information. This is not the same vulnerability as identified in CVE-2023-37530.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-02T19:45:10.048Z",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0110209"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "A cross-site scripting (XSS) vulnerability affects HCL BigFix Platform",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2023-37529",
"datePublished": "2024-02-02T19:45:10.048Z",
"dateReserved": "2023-07-06T16:12:30.394Z",
"dateUpdated": "2024-08-02T17:16:30.546Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2023-37529\",\"sourceIdentifier\":\"psirt@hcl.com\",\"published\":\"2024-02-29T01:40:04.583\",\"lastModified\":\"2024-02-29T13:49:47.277\",\"vulnStatus\":\"Awaiting Analysis\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"A cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attacker to execute malicious javascript code into a webpage trying to retrieve cookie stored information. This is not the same vulnerability as identified in CVE-2023-37530.\\n\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad de cross-site scripting (XSS) en el componente Web Reports de HCL BigFix Platform posiblemente pueda permitir que un atacante ejecute c\u00f3digo javascript malicioso en una p\u00e1gina web intentando recuperar informaci\u00f3n almacenada en cookies. Esta no es la misma vulnerabilidad identificada en CVE-2023-37530.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@hcl.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\",\"baseScore\":3.0,\"baseSeverity\":\"LOW\"},\"exploitabilityScore\":1.3,\"impactScore\":1.4}]},\"references\":[{\"url\":\"https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0110209\",\"source\":\"psirt@hcl.com\"}]}}"
}
}
Loading...