CVE-2021-27759

2.3 LOW

Key Information:

Vendor
CVE Published: 6 May 2022

Summary

This vulnerability arises because the application allows the user to perform some sensitive action without verifying that the request was sent intentionally. An attacker can cause a victim's browser to emit an HTTP request to an arbitrary URL in the application.

Affected Version(s)

HCL BigFix Inventory 9.x

HCL BigFix Inventory 10.x

CVSS V3.1

Score: 2.3
Severity: LOW
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Adjacent Network
Attack Complexity: High
Privileges Required: Low
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
