CVE-2023-28023
Summary
| CVE | CVE-2023-28023 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-07-18 20:15:00 UTC |
| Updated | 2023-08-01 01:15:00 UTC |
| Description | A cross site request forgery vulnerability in the BigFix WebUI Software Distribution interface site version 44 and before allows an NMO attacker to access files on server side systems (server machine and all the ones in its network). |
Risk And Classification
Problem Types: CWE-352
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Hcltech | Bigfix Webui | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Security Bulletin: HCL BigFix WebUI is affected by multiple third-party and internal vulnerabilities - Customer Support | MISC | support.hcltechsw.com | |
| Security Bulletin: HCL Verse is susceptible to a Stored Cross-Site Scripting (XSS) Vulnerability (CVE-2023-37496) - Customer Support | MISC | support.hcltechsw.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.