WebReports SAML Configuration Vulnerable to XSS and MITM Exploits
CVE-2023-45706
2 LOW
Summary
An administrative user of HCL WebReports may exploit vulnerabilities through improper SAML configuration, leading to potential Cross-Site Scripting (XSS) attacks or Man-in-the-Middle (MITM) scenarios. These vulnerabilities can allow unauthorized access to sensitive information or manipulation of web content, which underlines the need for robust security measures and prompt updates to guard against exploitation.
Affected Version(s)
BigFix Platform 9.5 - 9.5.23, 10.0 - 10.0.10, 11.0.0 - 11.0.1
CVSS V3.1
Score: 2
Severity: LOW
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: High
Privileges Required: High
User Interaction: Required
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved