CVE-2023-28023: HCL BigFix WebUI Software Distribution is affected by a cross site server request forgery vulnerability
First published: Tue Jul 18 2023(Updated: )
A cross site request forgery vulnerability in the BigFix WebUI Software Distribution interface site version 44 and before allows an NMO attacker to access files on server side systems (server machine and all the ones in its network).
Credit: psirt@hcl.com psirt@hcl.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Hcltech Bigfix Webui | <=44 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this cross site request forgery vulnerability?
The vulnerability ID for this cross site request forgery vulnerability is CVE-2023-28023.
What is the affected software version for this vulnerability?
The affected software version for this vulnerability is version 44 of the BigFix WebUI Software Distribution interface.
What is the severity of CVE-2023-28023?
The severity of CVE-2023-28023 is medium with a severity value of 6.5.
How does this vulnerability impact server side systems?
This vulnerability allows an attacker to access files on server side systems, including the server machine and all the ones in its network.
Is there a fix available for CVE-2023-28023?
For information on how to fix CVE-2023-28023, please refer to the official support documentation provided by HCLTech.
- collector/nvd-latest
- collector/nvd-index
- agent/author
- agent/type
- agent/softwarecombine
- collector/nvd-api
- agent/software-canonical-lookup-request
- agent/references
- agent/weakness
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/title
- agent/severity
- agent/tags
- agent/first-publish-date
- agent/event
- vendor/hcltech
- canonical/hcltech bigfix webui
- version/hcltech bigfix webui/44