A cross site request forgery vulnerability in the BigFix WebUI Software Distribution interface site version 44 and before allows an NMO attacker to access files on server side systems (server machine and all the ones in its network).
CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:NHcltech Bigfix Webui
APPHcltech≤ 44
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
Related vulnerabilities
CVE-2021-27764HIGH7.4ten sam produkt
Cookie without HTTPONLY flag set. NUMBER cookie(s) was set without Secure or HTTPOnly flags. The images show t...
CVE-2023-28019MEDIUM5.5ten sam produkt
Insufficient validation in Bigfix WebUI API App site version < 14 allows an authenticated WebUI user to issue ...
CVE-2023-28020MEDIUM4.7ten sam produkt
URL redirection in Login page in HCL BigFix WebUI allows malicious user to redirect the client browser to an ...
CVE-2023-28021MEDIUM5.9ten sam produkt
The BigFix WebUI uses weak cipher suites.
CVE-2022-38655MEDIUM6.4ten sam produkt
BigFix WebUI non-master operators are missing controls that prevent them from being able to modify the relevan...