History: May 06, 2022 - 6:10 p.m.

CVE-2021-27759

2022-05-06 18:10:29
CWE-352
HCL
www.cve.org
cve-2021-27759
http request
application vulnerability

CVSS3: 2.3

Attack Vector: ADJACENT
Attack Complexity: HIGH
Privileges Required: LOW
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N/E:F/RL:U/RC:C/CR:L/IR:L/AR:L/MAV:A/MAC:H/MPR:L/MUI:R/MS:U/MI:N/MA:N

EPSS: 0.001
Percentile: 21.6%

This vulnerability arises because the application allows the user to perform some sensitive action without verifying that the request was sent intentionally. An attacker can cause a victim’s browser to emit an HTTP request to an arbitrary URL in the application.

CNA Affected

[
  {
    "product": "HCL BigFix Inventory",
    "vendor": "HCL Software",
    "versions": [
      {
        "status": "affected",
        "version": "9.x"
      },
      {
        "status": "affected",
        "version": "10.x"
      }
    ]
  }
]
