Vulnerability Details : CVE-2023-28023
A cross site request forgery vulnerability in the BigFix WebUI Software Distribution interface site version 44 and before allows an NMO attacker to access files on server side systems (server machine and all the ones in its network).
Vulnerability category: Cross-site request forgery (CSRF)
Products affected by CVE-2023-28023
- cpe:2.3:a:hcltech:bigfix_webui:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-28023
- 0.06%: Probability of exploitation activity in the next 30 days
- ~27%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-28023
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N | 2.8 | 3.6 | NIST | |
4.9 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N | 1.8 | 2.7 | HCL Software | |
CWE ids for CVE-2023-28023
- The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request. Assigned by: nvd@nist.gov (Primary)
References for CVE-2023-28023
- https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0106123
  Security Bulletin: HCL BigFix WebUI is affected by multiple third-party and internal vulnerabilities
- https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0105904
  Security Bulletin: HCL Verse is susceptible to a Stored Cross-Site Scripting (XSS) Vulnerability (CVE-2023-28023)