CVE-2023-37520
HCL BigFix Platform is affected by Unathenticated Stored Cross-Site Scripting (XSS)
Vexday Risk Score
21Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 7.7EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch —
Ciclo de vida
21 dic 2023Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability identified in BigFix Server version 9.5.12.68, allowing for potential data exfiltration. This XSS vulnerability is in the Gather Status Report, which is served by the BigFix Relay.
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
Productos afectados
HCL Software · HCL BigFix Platform¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →