History: Jul 18, 2023 - 5:57 p.m.

CVE-2023-28019 An SQL injection affects BigFix WebUI API

2023-07-18 17:57:23
HCL
www.cve.org
3
cve-2023-28019
sql injection
bigfix webui api
insufficient validation

CVSS3: 5.5

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

AI Score: 8.9
Confidence: High

EPSS: 0.001
Percentile: 38.4%

Insufficient validation in BigFix WebUI API App site version < 14 allows an authenticated WebUI user to issue SQL queries via an unparameterized SQL query.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "HCL BigFix WebUI API",
    "vendor": "HCL Software",
    "versions": [
      {
        "status": "affected",
        "version": "< 14"
      }
    ]
  }
]
