CVE-2023-28012
HCL BigFix Mobile can be affected by a command injection vulnerability
In short
HCL BigFix Mobile allows an authenticated attacker to inject and execute arbitrary shell commands on the WebUI server, potentially compromising the system's integrity and confidentiality.
Technical detail
The WebUI of HCL BigFix Mobile accepts unsanitized input from authenticated users, which allows arbitrary shell commands to be executed with server privileges. The attack requires prior authentication and could lead to unauthorized code execution, data exfiltration, or lateral movement within the infrastructure.
Summary generated and translated by AI from the official description.
HCL BigFix Mobile is vulnerable to a command injection attack. An authenticated attacker could run arbitrary shell commands on the WebUI server.
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Affected products
HCL Software · HCL BigFix Mobile