CVE-2023-37520 HIGH

CVE-2023-37520: HCL BigFix Platform is affected by Unauthenticated Stored Cross-Site Scripting (XSS)

Vendor HCL Software
Product HCL BigFix Platform
Published December 21, 2023
Last update August 2, 2024

CVSS base score

7.7/10
Attack vector Local
Attack complexity High
Privileges required None
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

What the vulnerability does

01 Description

Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability identified in BigFix Server version 9.5.12.68, allowing for potential data exfiltration. This XSS vulnerability is in the Gather Status Report, which is served by the BigFix Relay.

Key dates

02 Disclosure timeline

December 21, 2023 CVE published
August 2, 2024 Record updated