CVE-2023-28023

A cross site request forgery vulnerability in the BigFix WebUI Software Distribution interface site version 44 and before allows an NMO attacker to access files on server side systems (server machine and all the ones in its network). 
Configurations

Configuration 1

cpe:2.3:a:hcltech:bigfix_webui:*:*:*:*:*:*:*:*

History

21 Nov 2024, 07:53

Type : References
Values Removed : () https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0106123 -
Values Added : () https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0106123 -

Type : CVSS
Values Removed : v2 : unknown; v3 : 6.5
Values Added : v2 : unknown; v3 : 4.9

01 Aug 2023, 01:15

Type : Summary
Values Removed : HCL Verse is susceptible to a Stored Cross Site Scripting (XSS) vulnerability. An attacker could execute script in a victim's web browser to perform operations as the victim and/or steal the victim's cookies, session tokens, or other sensitive information.
Values Added : A cross site request forgery vulnerability in the BigFix WebUI Software Distribution interface site version 44 and before allows an NMO attacker to access files on server side systems (server machine and all the ones in its network).

Type : References
Values Removed : (MISC) https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0105904 -
Values Added : (MISC) https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0106123 -

31 Jul 2023, 18:15

Type : Summary
Values Removed : A cross site request forgery vulnerability in the BigFix WebUI Software Distribution interface site version 44 and before allows an NMO attacker to access files on server side systems (server machine and all the ones in its network).
Values Added : HCL Verse is susceptible to a Stored Cross Site Scripting (XSS) vulnerability. An attacker could execute script in a victim's web browser to perform operations as the victim and/or steal the victim's cookies, session tokens, or other sensitive information.

Type : References
Values Removed : (MISC) https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0106123 - Vendor Advisory
Values Added : (MISC) https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0105904 -

27 Jul 2023, 04:06

Type : CVSS
Values Removed : v2 : unknown; v3 : unknown
Values Added : v2 : unknown; v3 : 6.5

Type : References
Values Removed : (MISC) https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0106123 -
Values Added : (MISC) https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0106123 - Vendor Advisory

Type : CPE
Values Added : cpe:2.3:a:hcltech:bigfix_webui:*:*:*:*:*:*:*:*

Type : First Time
Values Added : Hcltech; Hcltech bigfix Webui

Type : CWE
Values Added : CWE-352

18 Jul 2023, 20:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-07-18 20:15

Updated : 2024-11-21 07:53


NVD link : CVE-2023-28023

Mitre link : CVE-2023-28023

CVE.ORG link : CVE-2023-28023



Products Affected

hcltech

  • bigfix_webui
CWE
CWE-352

Cross-Site Request Forgery (CSRF)