CSRF Attack Could Lead to RCE: Vendor Warns
CVE-2024-23554

5.7MEDIUM

Key Information:

Vendor: Hcl Software
Status: Bigfix Platform
Vendor: CVE Published:; 18 May 2024

Summary

Cross-Site Request Forgery (CSRF) on Session Token vulnerability that could potentially lead to Remote Code Execution (RCE).

Affected Version(s)

BigFix Platform 9.5 - 9.5.24, 10 - 10.0.11, 11.0.1

References

https://support.hcltechsw.com/csm?id=kb_article&sysparm_a...

CVSS V3.1

Score:

5.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

High

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
May 18, 2024

.