What is CVE-2023-37520?

CVE-2023-37520 is a high-severity vulnerability in Hcl Software Bigfix Platform, classified under Cross-site Scripting. CVSS score: 7.7/10. Published 2023-12-21.

How severe is CVE-2023-37520?

High severity. CVSS v3 base score is 7.7 out of 10.

XSS in Hcl Software Bigfix Platform

CVE-2023-37520

Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability identified in BigFix Server version 9.5.12.68, allowing for potential data exfiltration. This XSS vulnerability is in the Gather Status Report, which is served by the BigFix R…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.002 (15.9th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.7 (High). Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H.

Affected products

Hcl Software Bigfix Platform — versions 9.5.x, 10.0.x, 11.0.0
Hcltech Bigfix_platform — versions 11.0.0

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

psirt@hcl.com (Vendor Advisory)

Frequently asked questions

What is CVE-2023-37520?: CVE-2023-37520 is a high-severity vulnerability in Hcl Software Bigfix Platform, classified under Cross-site Scripting. CVSS score: 7.7/10. Published 2023-12-21.
How severe is CVE-2023-37520?: High severity. CVSS v3 base score is 7.7 out of 10.