IBM · BigFix Relay · CVE-2023-37520
**Name of the Vulnerable Software and Affected Versions**
BigFix Server version 9.5.12.68
**Description**
An unauthenticated stored cross-site scripting (XSS) issue has been identified that could allow data exfiltration. The issue is located in the Gather Status Report, which is served by the BigFix Relay.
**Recommendations**
For BigFix Server version 9.5.12.68, consider disabling the Gather Status Report feature to prevent potential exploitation until a patch is available. Restrict access to the BigFix Relay to minimize the risk of data exfiltration. At the moment, there is no information about a newer version that contains a fix for this issue.