CVE-2023-37519 HIGH

CVE-2023-37519: HCL BigFix Platform is affected by Unauthenticated Stored Cross-Site Scripting (XSS)

Vendor HCL Software
Product HCL BigFix Platform
Published December 21, 2023
Last update April 23, 2025

CVSS base score

7.7/10
Attack vector Local
Attack complexity High
Privileges required None
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

What the vulnerability does

01 Description

Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability. This XSS vulnerability is in the Download Status Report, which is served by the BigFix Server. 

Key dates

02 Disclosure timeline

December 21, 2023 CVE published
April 23, 2025 Record updated