CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:H
AI Score
Confidence
High
SSVC
Exploitation
none
Automatable
no
Technical Impact
total
An integer overflow in xerces-c++ 3.2.3 in BigFix Platform allows remote attackers to cause out-of-bound access via HTTP request.
[
{
"cpes": [
"cpe:2.3:a:hcltech:bigfix_platform:10:*:*:*:*:*:*:*",
"cpe:2.3:a:hcltech:bigfix_platform:9.5:*:*:*:*:*:*:*"
],
"vendor": "hcltech",
"product": "bigfix_platform",
"versions": [
{
"status": "affected",
"version": "10",
"versionType": "semver",
"lessThanOrEqual": "9.5.22"
},
{
"status": "affected",
"version": "9.5",
"versionType": "semver",
"lessThanOrEqual": "10.0.9"
}
],
"defaultStatus": "unknown"
},
{
"cpes": [
"cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
"cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
"cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*"
],
"vendor": "fedoraproject",
"product": "fedora",
"versions": [
{
"status": "affected",
"version": "37"
},
{
"status": "affected",
"version": "38"
},
{
"status": "affected",
"version": "39"
}
],
"defaultStatus": "unknown"
},
{
"cpes": [
"cpe:2.3:a:apache:xerces-c\\+\\+:3.2.2:*:*:*:*:*:*:*"
],
"vendor": "apache",
"product": "xerces-c\\+\\+",
"versions": [
{
"status": "affected",
"version": "3.2.2"
}
],
"defaultStatus": "unknown"
}
]
lists.debian.org/debian-lts-announce/2023/12/msg00027.html
lists.fedoraproject.org/archives/list/[email protected]/message/7A6WWL4SWKAVYK6VK5YN7KZP4MZWC7IY/
lists.fedoraproject.org/archives/list/[email protected]/message/AJYZUBGPVWJ7LEHRCMB5XVADQBNGURXD/
lists.fedoraproject.org/archives/list/[email protected]/message/DAOSSJ72CUJ535VRWTCVQKUYT2LYR3OM/
support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0107791
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:H
AI Score
Confidence
High
SSVC
Exploitation
none
Automatable
no
Technical Impact
total