CVSS3
Attack Vector
ADJACENT
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N/E:F/RL:U/RC:C/CR:L/IR:L/AR:L/MAV:A/MAC:H/MPR:L/MUI:R/MS:U/MI:N/MA:N
EPSS
Percentile
21.6%
This vulnerability arises because the application allows the user to perform some sensitive action without verifying that the request was sent intentionally. An attacker can cause a victim’s browser to emit an HTTP request to an arbitrary URL in the application.
[
{
"product": "HCL BigFix Inventory",
"vendor": "HCL Software",
"versions": [
{
"status": "affected",
"version": "9.x"
},
{
"status": "affected",
"version": "10.x"
}
]
}
]
CVSS3
Attack Vector
ADJACENT
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N/E:F/RL:U/RC:C/CR:L/IR:L/AR:L/MAV:A/MAC:H/MPR:L/MUI:R/MS:U/MI:N/MA:N
EPSS
Percentile
21.6%