History: Dec 21, 2023 - 10:15 p.m.

CVE-2023-37519

2023-12-21 22:15:13
CWE-79
web.nvd.nist.gov
Tags: cve-2023-37519, unauthenticated, stored, cross-site scripting, xss, bigfix server, nvd

CVSS3: 7.7 High

Attack Vector: LOCAL
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

EPSS: 0.0005 Low
Percentile: 16.8%

Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability. This XSS vulnerability is in the Download Status Report, which is served by the BigFix Server.

Affected configurations

NVD
Node
hcltech bigfix_platform, Range: 9.5 to 9.5.23
OR
hcltech bigfix_platform, Range: 10.0.0 to 10.0.10
OR
hcltech bigfix_platform, Match: 11.0.0

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "HCL BigFix Platform",
    "vendor": "HCL Software",
    "versions": [
      {
        "status": "affected",
        "version": "9.5.x, 10.0.x"
      }
    ]
  }
]
