MEDIUM🇬🇧 English

CVE-2023-28023

CVSS 4.9v3.1pub. 2023-07-18upd. 2024-11-21

A cross site request forgery vulnerability in the BigFix WebUI Software Distribution interface site version 44 and before allows an NMO attacker to access files on server side systems (server machine and all the ones in its network). 

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N
  • Hcltech Bigfix Webui

    APP
    Hcltech
    ≤ 44
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2021-27764HIGH7.4ten sam produkt

Cookie without HTTPONLY flag set. NUMBER cookie(s) was set without Secure or HTTPOnly flags. The images show t...

CVE-2023-28019MEDIUM5.5ten sam produkt

Insufficient validation in Bigfix WebUI API App site version < 14 allows an authenticated WebUI user to issue ...

CVE-2023-28020MEDIUM4.7ten sam produkt

 URL redirection in Login page in HCL BigFix WebUI allows malicious user to redirect the client browser to an ...

CVE-2023-28021MEDIUM5.9ten sam produkt

The BigFix WebUI uses weak cipher suites.

CVE-2022-38655MEDIUM6.4ten sam produkt

BigFix WebUI non-master operators are missing controls that prevent them from being able to modify the relevan...

CVE-2023-28023 — MEDIUM 4.9 | CVEbaza.pl