CVE-2023-28023 – HCL BigFix WebUI Software Distribution is affected by a cross site server request forgery vulnerability
https://notcve.org/view.php?id=CVE-2023-28023
A cross site request forgery vulnerability in the BigFix WebUI Software Distribution interface site version 44 and before allows an NMO attacker to access files on server side systems (server machine and all the ones in its network). • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0106123 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-28021 – BigFix WebUI is vulnerable to use of a risky cryptographic algorithm
https://notcve.org/view.php?id=CVE-2023-28021
The BigFix WebUI uses weak cipher suites. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0106123 • CWE-326: Inadequate Encryption Strength •
CVE-2023-28020 – URL redirection affects BigFix WebUI
https://notcve.org/view.php?id=CVE-2023-28020
URL redirection in Login page in HCL BigFix WebUI allows malicious user to redirect the client browser to an external site via redirect URL response header. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0106123 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVE-2023-28019 – An SQL injection affects BigFix WebUI API
https://notcve.org/view.php?id=CVE-2023-28019
Insufficient validation in Bigfix WebUI API App site version < 14 allows an authenticated WebUI user to issue SQL queries via an unparameterized SQL query. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0106123 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2023-23344 – HCL BigFix WebUI Insights is susceptible to a lack of sufficient authorization
https://notcve.org/view.php?id=CVE-2023-23344
A permission issue in BigFix WebUI Insights site version 14 allows an authenticated, unprivileged operator to access an administrator page. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0105705 • CWE-276: Incorrect Default Permissions •