PT-2024-19936 · Hcl · Hcl Bigfix Platform

Published

2024-05-17

Updated

2026-01-08

CVE-2024-23554

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions HCL BigFix Platform versions prior to 9.5.24 HCL BigFix Platform versions prior to 10.0.11 HCL BigFix Platform versions prior to 11.0.1

Description The issue is related to a Cross-Site Request Forgery (CSRF) on Session Token vulnerability that could potentially lead to Remote Code Execution (RCE).

Recommendations For HCL BigFix Platform versions prior to 9.5.24, update to version 9.5.24 or later. For HCL BigFix Platform versions prior to 10.0.11, update to version 10.0.11 or later. For HCL BigFix Platform versions prior to 11.0.1, update to version 11.0.1 or later.

Fix

RCE

CSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-352

Related Identifiers

CVE-2024-23554

Affected Products

Hcl Bigfix Platform

PT-2024-19936 · Hcl · Hcl Bigfix Platform

CVE-2024-23554

Weakness Enumeration

Related Identifiers

Affected Products

References · 7