Lucene search

HCLCVELIST:CVE-2023-45705

HistoryMar 28, 2024 - 2:11 p.m.

CVE-2023-45705 HCL BigFix Platform is susceptible to Server Side Request Forgery (SSRF)

2024-03-2814:11:57

HCL

www.cve.org

cve-2023-45705

hcl bigfix platform

ssrf

webreports

smtp

vulnerability

CVSS3

3.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N

AI Score

4.5

Confidence

High

EPSS

Percentile

9.0%

JSON

An administrative user of WebReports may perform a Server Side Request Forgery (SSRF) exploit through SMTP configuration options.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "BigFix Platform",
    "vendor": "HCL Software",
    "versions": [
      {
        "status": "affected",
        "version": "10.0 - 10.0.10, 11.0.0 - 11.0.1"
      }
    ]
  }
]

References

support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0111972