Lucene search

[email protected]CVE-2023-37519

HistoryDec 21, 2023 - 10:15 p.m.

CVE-2023-37519

2023-12-2122:15:13

CWE-79

[email protected]

web.nvd.nist.gov

cve-2023-37519

unauthenticated

stored

cross-site scripting

xss

bigfix server

nvd

7.7 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

0.0005 Low

EPSS

Percentile

17.1%

JSON

Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability. This XSS vulnerability is in the Download Status Report, which is served by the BigFix Server.

Affected configurations

NVD

Node

hcltechbigfix_platformRange9.5–9.5.23

hcltechbigfix_platformRange10.0.0–10.0.10

hcltechbigfix_platformMatch11.0.0

CPENameOperatorVersion
hcltech:bigfix_platformhcltech bigfix platformlt9.5.23
hcltech:bigfix_platformhcltech bigfix platformlt10.0.10
hcltech:bigfix_platformhcltech bigfix platformeq11.0.0

CPE	Name	Operator	Version
hcltech:bigfix_platform	hcltech bigfix platform	lt	9.5.23
hcltech:bigfix_platform	hcltech bigfix platform	lt	10.0.10
hcltech:bigfix_platform	hcltech bigfix platform	eq	11.0.0

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "HCL BigFix Platform",
    "vendor": "HCL Software",
    "versions": [
      {
        "status": "affected",
        "version": "9.5.x, 10.0.x"
      }
    ]
  }
]

References

support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0109376

7.7 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

0.0005 Low

EPSS

Percentile

17.1%

JSON

Related for CVE-2023-37519

nvd1 cvelist1 prion1