HCL BigFix Platform XSS Vulnerability
CVE-2023-37531

4.8MEDIUM

Key Information:

Vendor: HCL Software
Status: BigFix Platform
Vendor: CVE Published:; 29 February 2024

Summary

The vulnerability in the Web Reports component of the HCL BigFix Platform presents a cross-site scripting (XSS) risk. An attacker could exploit this flaw to inject and execute malicious JavaScript code within a form field, potentially compromising the integrity and security of user data. This vulnerability primarily affects users with privileged access, making it critical for organizations to ensure that web application security measures are strengthened to protect against such attacks. Comprehensive security audits and updates to the affected platform are recommended to mitigate the risks associated with this issue.

Affected Version(s)

BigFix Platform 9.5 - 9.5.23, 10 - 10.0.10

References

https://support.hcltechsw.com/csm?id=kb_article&sysparm_a...

CVSS V3.1

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Feb 29, 2024
Vulnerability Reserved
Jul 6, 2023