Lucene search

HCLVULNRICHMENT:CVE-2023-45705

HistoryMar 28, 2024 - 2:11 p.m.

CVE-2023-45705 HCL BigFix Platform is susceptible to Server Side Request Forgery (SSRF)

2024-03-2814:11:57

HCL

github.com

cve-2023-45705

hcl bigfix platform

server side request forgery

ssrf

smtp configuration

CVSS3

3.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N

AI Score

Confidence

Low

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

An administrative user of WebReports may perform a Server Side Request Forgery (SSRF) exploit through SMTP configuration options.

CNA Affected

[
  {
    "vendor": "HCL Software",
    "product": "BigFix Platform",
    "versions": [
      {
        "status": "affected",
        "version": "10.0 - 10.0.10, 11.0.0 - 11.0.1"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0111972