6.5
CVE-2023-28023
- EPSS 0.09%
- Veröffentlicht 18.07.2023 20:15:09
- Zuletzt bearbeitet 21.11.2024 07:53:57
- Quelle psirt@hcl.com
- CVE-Watchlists
- Unerledigt
LoginHCL BigFix WebUI Software Distribution is affected by a cross site server request forgery vulnerability
A cross site request forgery vulnerability in the BigFix WebUI Software Distribution interface site version 44 and before allows an NMO attacker to access files on server side systems (server machine and all the ones in its network).
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Hcltech ≫ Bigfix Webui Version <= 44
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.09% | 0.252 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
|
| psirt@hcl.com | 4.9 | 1.8 | 2.7 |
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N
|
CWE-352 Cross-Site Request Forgery (CSRF)
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.