CVE-2021-27758Cross-Site Request Forgery in Bigfix Inventory

CWE-352Cross-Site Request Forgery3 documents3 sources
Severity
6.5MEDIUMNVD
CNA4.3
EPSS
0.1%
top 75.64%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Hcltech Bigfix InventoryHCL Software HCL Bigfix Inventory
Timeline
PublishedMay 6
Latest updateMay 7

Description

There is a security vulnerability in login form related to Cross-site Request Forgery which prevents user to login after attacker spam to login and system blocked victim's account.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

NVDhcltech/bigfix_inventory9.010.0.7.0
CVEListV5hcl_software/hcl_bigfix_inventory10.x, 9.x+1

🔴Vulnerability Details

2
GHSA
GHSA-95fm-qgf3-w8cm: There is a security vulnerability in login form related to Cross-site Request Forgery which prevents user to login after attacker spam to login and sy2022-05-07
CVEList
CVE-2021-27758: There is a security vulnerability in login form related to Cross-site Request Forgery which prevents user to login after attacker spam to login and sy2022-05-06
CVE-2021-27758 — Cross-Site Request Forgery | cvebase