CVE-2023-28019: An SQL injection affects BigFix WebUI API
First published: Tue Jul 18 2023(Updated: )
Insufficient validation in Bigfix WebUI API App site version < 14 allows an authenticated WebUI user to issue SQL queries via an unparameterized SQL query.
Credit: psirt@hcl.com psirt@hcl.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Hcltech Bigfix Webui | <14 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability identifier for this issue?
The vulnerability identifier for this issue is CVE-2023-28019.
What is the severity of CVE-2023-28019?
The severity of CVE-2023-28019 is high with a severity value of 8.8.
What is the affected software for CVE-2023-28019?
The affected software for CVE-2023-28019 is Hcltech Bigfix Webui version up to exclusive 14.
What is the CWE number associated with CVE-2023-28019?
The CWE number associated with CVE-2023-28019 is CWE-89.
How can I fix the vulnerability identified as CVE-2023-28019?
To fix CVE-2023-28019, it is recommended to apply the necessary updates or patches provided by Hcltech.
- collector/nvd-latest
- collector/nvd-index
- agent/author
- agent/type
- agent/softwarecombine
- collector/nvd-api
- agent/software-canonical-lookup-request
- agent/references
- agent/weakness
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/title
- agent/severity
- agent/tags
- agent/first-publish-date
- agent/event
- vendor/hcltech
- canonical/hcltech bigfix webui