PT-2023-26008 · IBM · BigFix Relay+1

Nickolas Britt · Published 2023-12-21 · Updated 2023-12-29 · CVE-2023-37520

CVSS v3.1: 7.7 (High)
Vector: AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: BigFix Server version 9.5.12.68

Description: An unauthenticated stored cross-site scripting (XSS) issue has been identified, allowing for potential data exfiltration. The issue is located in the Gather Status Report, which is served by the BigFix Relay.

Recommendations: For BigFix Server version 9.5.12.68, consider disabling the Gather Status Report feature until a patch is available, to prevent potential exploitation. Restrict access to the BigFix Relay to minimize the risk of data exfiltration. At the moment, there is no information about a newer version that contains a fix for this issue.

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2023-37520

Affected Products

BigFix Relay
BigFix Server