Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability identified in BigFix Server version 9.5.12.68, allowing for potential data exfiltration. This XSS vulnerability is in the Gather Status Report, which is served by the BigFix Relay.
References
Link | Resource |
---|---|
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0109376 | Vendor Advisory |
History
21 Nov 2024, 08:11
Type | Values Removed | Values Added |
---|---|---|
CVSS | v2 : v3 : | v2 : unknown, v3 : 7.7 |
References | () https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0109376 - Vendor Advisory |
29 Dec 2023, 19:28
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:hcltech:bigfix_platform:*:*:*:*:*:*:*:* cpe:2.3:a:hcltech:bigfix_platform:11.0.0:*:*:*:*:*:*:* | |
CWE | CWE-79 | |
CVSS | v2 : v3 : | v2 : unknown, v3 : 6.1 |
First Time | Hcltech bigfix Platform, Hcltech | |
References | () https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0109376 - Vendor Advisory |
21 Dec 2023, 23:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-12-21 23:15
Updated : 2024-11-21 08:11
NVD link : CVE-2023-37520
Mitre link : CVE-2023-37520
CVE.ORG link : CVE-2023-37520
Products Affected
hcltech
- bigfix_platform
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')