Stored Cross-Site Scripting Vulnerability in HCL BigFix WebUI
CVE-2020-4104

5.4MEDIUM

Key Information:

Vendor: HCL Software
Status: Hcl Bigfix Webui
Vendor: CVE Published:; 17 July 2020

Summary

HCL BigFix WebUI is exposed to a stored cross-site scripting vulnerability in the Apps->Software module. This flaw allows an attacker to inject malicious scripts, potentially affecting all users interacting with the application. Users may unknowingly execute harmful scripts within their browsers, leading to unauthorized actions and data exposure. To mitigate the risk, it is crucial for organizations using HCL BigFix to update to the latest versions as outlined in HCL's knowledge base.

Affected Version(s)

HCL BigFix WebUI All versions prior to latest releases

References

https://support.hcltechsw.com/csm?id=kb_article&sysparm_a...

x_refsource_CONFIRM

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jul 17, 2020
Vulnerability Reserved
Dec 30, 2019