CVE-2023-28023

MEDIUM

BigFix WebUI < 44 - Cross-Site Request Forgery in Software Distribution Interface

Title source: llm

Description

A cross site request forgery vulnerability in the BigFix WebUI Software Distribution interface site version 44 and before allows an NMO attacker to access files on server side systems (server machine and all the ones in its network).

References (1)

Core 1

Core References

Various Sources

https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0106123

Scores

CVSS v3 4.9

EPSS 0.0009

EPSS Percentile 25.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-352

Status published

Products (1)

hcltech/bigfix_webui < 44

Published Jul 18, 2023

Tracked Since Feb 18, 2026