CSRF Attack Could Lead to RCE: Vendor Warns
CVE-2024-23554

5.7MEDIUM

Key Information:

Vendor

Hcl Software
Status
Bigfix Platform
Vendor
CVE Published:
18 May 2024

What is CVE-2024-23554?

Cross-Site Request Forgery (CSRF) on Session Token vulnerability that could potentially lead to Remote Code Execution (RCE).

Affected Version(s)

BigFix Platform 9.5 - 9.5.24, 10 - 10.0.11, 11.0.1

References

https://support.hcltechsw.com/csm?id=kb_article&sysparm_a...

CVSS V3.1

Score:
5.7
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
High
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

.