HCL BigFix WebUI Software Distribution is affected by a cross site server request forgery vulnerability
CVE-2023-28023

4.9MEDIUM

Key Information:

Vendor: Hcl Software
Status: Hcl Bigfix Webui Software Distribution
Vendor: CVE Published:; 18 July 2023

Summary

A cross site request forgery vulnerability in the BigFix WebUI Software Distribution interface site version 44 and before allows an NMO attacker to access files on server side systems (server machine and all the ones in its network).

Affected Version(s)

HCL BigFix WebUI Software Distribution <=44

References

https://support.hcltechsw.com/csm?id=kb_article&sysparm_a...

CVSS V3.1

Score:

4.9

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Jul 18, 2023
Vulnerability Reserved
Mar 10, 2023