CVE-2023-37520

HCL BigFix Platform is affected by Unathenticated Stored Cross-Site Scripting (XSS)

CVSS 7.7 HIGHEPSS 0.2%

Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability identified in BigFix Server version 9.5.12.68, allowing for potential data exfiltration. This XSS vulnerability is in the Gather Status Report, which is served by the BigFix Relay.

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

Productos afectados

HCL Software · HCL BigFix Platform

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0109376