HCL BigFix Platform XSS Vulnerability Could Lead to Malicious Code Execution
CVE-2023-37530

5.4MEDIUM

Key Information:

Vendor: HCL Software
Status: BigFix Platform
Vendor: CVE Published:; 29 February 2024

Summary

An identified cross-site scripting (XSS) vulnerability in the Web Reports component of the HCL BigFix Platform poses a significant security risk. The flaw may allow attackers to inject and execute malicious JavaScript code within web pages, which could lead to unauthorized access to sensitive information, including cookies. This vulnerability highlights the importance of securing web interfaces against such exploits to protect user data and maintain the integrity of web applications.

Affected Version(s)

BigFix Platform 9.5 - 9.5.23, 10 - 10.0.10

References

https://support.hcltechsw.com/csm?id=kb_article&sysparm_a...

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Feb 29, 2024
Vulnerability Reserved
Jul 6, 2023