First published: Fri May 06 2022
There is a Cross-site Request Forgery vulnerability in the login form: an attacker can spam login attempts until the system blocks the victim's account, which prevents the user from logging in.
Credit: psirt@hcl.com
Affected Software | Affected Version | How to fix |
---|---|---|
HCL Technologies BigFix | >=9.0 <10.0.7.0 | |
CVE-2021-27758 has a medium severity level due to its potential impact on user login functionality.
To fix CVE-2021-27758, implement additional security measures to prevent Cross-site Request Forgery in the login form.
CVE-2021-27758 affects HCLTech BigFix Inventory versions between 9.0 and 10.0.7.0.
Cross-site Request Forgery in CVE-2021-27758 allows an attacker to exploit the login process and potentially block the victim's account.
Yes, CVE-2021-27758 can lead to account lockout if an attacker spams login attempts, causing the system to block the victim's account.