HCL BigFix Platform XSS Vulnerability
CVE-2023-37531

4.8MEDIUM

Key Information:

Vendor: HCL Software Software
Status: Bigfix Platform
Vendor: CVE Published:; 29 February 2024

🔔 Create HCL Software Software Vulnerability Alert

What is CVE-2023-37531?

The vulnerability in the Web Reports component of the HCL BigFix Platform presents a cross-site scripting (XSS) risk. An attacker could exploit this flaw to inject and execute malicious JavaScript code within a form field, potentially compromising the integrity and security of user data. This vulnerability primarily affects users with privileged access, making it critical for organizations to ensure that web application security measures are strengthened to protect against such attacks. Comprehensive security audits and updates to the affected platform are recommended to mitigate the risks associated with this issue.

Affected Version(s)

BigFix Platform 9.5 - 9.5.23, 10 - 10.0.10

References

https://support.hcltechsw.com/csm?id=kb_article&sysparm_a...

CVSS V3.1

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 29, 2024
Vulnerability Reserved
Jul 6, 2023