Lucene search

[email protected]NVD:CVE-2023-37536

HistoryOct 11, 2023 - 7:15 a.m.

CVE-2023-37536

2023-10-1107:15:10

CWE-190

[email protected]

web.nvd.nist.gov

integer overflow

xerces-c++

bigfix platform

out-of-bound access

http request

remote attackers

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.4 High

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

80.0%

JSON

An integer overflow in xerces-c++ 3.2.3 in BigFix Platform allows remote attackers to cause out-of-bound access via HTTP request.

Affected configurations

NVD

Node

apachexerces-c\+\+Match3.2.3

hcltechbigfix_platformRange9.0.0–9.5.23

hcltechbigfix_platformRange10.0.0–10.0.10

Node

fedoraprojectfedoraMatch37

References

lists.debian.org/debian-lts-announce/2023/12/msg00027.html

lists.fedoraproject.org/archives/list/[email protected]/message/7A6WWL4SWKAVYK6VK5YN7KZP4MZWC7IY/

lists.fedoraproject.org/archives/list/[email protected]/message/AJYZUBGPVWJ7LEHRCMB5XVADQBNGURXD/

lists.fedoraproject.org/archives/list/[email protected]/message/DAOSSJ72CUJ535VRWTCVQKUYT2LYR3OM/

support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0107791

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.4 High

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

80.0%

JSON

Related for NVD:CVE-2023-37536

openvas9 nessus10 redhatcve1 cvelist1 prion1 osv2 ubuntucve1 cve1 amazon1 debiancve1 redos1 fedora3 ubuntu1 debian1 oracle2