CVE-2023-28012: HCL BigFix Mobile can be affected by a command injection vulnerability
First published: Wed Jul 26 2023(Updated: )
HCL BigFix Mobile is vulnerable to a command injection attack. An authenticated attacker could run arbitrary shell commands on the WebUI server.
Credit: psirt@hcl.com psirt@hcl.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Hcltech Bigfix Mobile | =3.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID of this vulnerability?
The vulnerability ID is CVE-2023-28012.
What is the severity of CVE-2023-28012?
The severity of CVE-2023-28012 is high.
How does the vulnerability in HCL BigFix Mobile occur?
The vulnerability in HCL BigFix Mobile occurs due to a command injection attack.
What is the impact of the vulnerability in HCL BigFix Mobile?
The impact of the vulnerability in HCL BigFix Mobile is that an authenticated attacker could run arbitrary shell commands on the WebUI server.
Is there a solution to fix the vulnerability in HCL BigFix Mobile?
Yes, there is a solution to fix the vulnerability in HCL BigFix Mobile. It is recommended to apply the latest security patches provided by the vendor.
- collector/nvd-index
- agent/author
- agent/softwarecombine
- agent/type
- collector/nvd-latest
- agent/software-canonical-lookup-request
- agent/references
- agent/weakness
- agent/description
- collector/nvd-api
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/title
- agent/severity
- agent/tags
- agent/first-publish-date
- agent/event
- vendor/hcltech
- canonical/hcltech bigfix mobile
- version/hcltech bigfix mobile/3.0