cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2023-37520,https://securityvulnerability.io/vulnerability/CVE-2023-37520,HCL BigFix Platform is affected by Unauthenticated Stored Cross-Site Scripting (XSS),"An unauthenticated stored cross-site scripting (XSS) vulnerability has been identified in BigFix Server version 9.5.12.68. This vulnerability resides in the Gather Status Report feature, which is served by the BigFix Relay. Attackers could exploit this XSS vulnerability to execute arbitrary scripts in the context of an affected user’s browser, leading to potential data exfiltration and unauthorized access to sensitive information. Proper remediation measures are essential to mitigate the risks associated with this vulnerability.",HCL Software,HCL BigFix Platform,7.7,HIGH,0.0006300000241026282,false,,false,false,false,,,false,false,,2023-12-21T23:15:00.000Z,0
CVE-2023-37519,https://securityvulnerability.io/vulnerability/CVE-2023-37519,HCL BigFix Platform is affected by Unauthenticated Stored Cross-Site Scripting (XSS),"An unauthenticated stored Cross-Site Scripting (XSS) vulnerability exists in the Download Status Report feature of the BigFix Server. Attackers can exploit this vulnerability to inject malicious scripts that can be executed in the context of a user's browser, potentially leading to data manipulation and exposure. Immediate action is recommended to secure affected instances and mitigate the risk of exploitation.",HCL Software,HCL BigFix Platform,7.7,HIGH,0.0006300000241026282,false,,false,false,false,,,false,false,,2023-12-21T22:15:00.000Z,0
CVE-2020-4095,https://securityvulnerability.io/vulnerability/CVE-2020-4095,Clear Text Credentials Vulnerability in BigFix Platform by HCL Technologies,"The BigFix Platform is susceptible to a vulnerability where it stores clear text credentials in memory. If an attacker gains administrative privileges, they can execute a program to create a memory dump, enabling them to extract sensitive credentials. This extracted information can facilitate further unauthorized access into the system. It is crucial to enforce the principle of least privilege across all BigFix deployments to minimize administrative access and mitigate potential security risks.",HCL Software,"""hcl Bigfix Platform""",6,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2020-07-16T18:27:41.000Z,0