PT-2020-17879 · Hcl · Hcl Bigfix Webui

Published

2020-07-17

Updated

2020-07-22

CVE-2020-4104

CVSS v2.0

3.5

Low

Vector

AV:N/AC:M/Au:S/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions HCL BigFix WebUI versions prior to the latest releases

Description The issue concerns stored cross-site scripting (XSS) within the Apps->Software module. An attacker can exploit this to send a malicious script to an unsuspecting user.

Recommendations For versions prior to the latest releases, update to the latest release as specified in the official support article to resolve the issue. As a temporary workaround, consider restricting access to the Apps->Software module to minimize the risk of exploitation.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2020-4104

Affected Products

Hcl Bigfix Webui

PT-2020-17879 · Hcl · Hcl Bigfix Webui

CVE-2020-4104

Weakness Enumeration

Related Identifiers

Affected Products

References · 2