CVE-2021-27759 — LOW (2.3) — White Hats Nepal

Q: How severe is CVE-2021-27759?

CVE-2021-27759 has been rated LOW with a CVSS base score of 2.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2021-27759?

Check the references section above for vendor advisories and patch information. Affected products include: Hcltech Bigfix Inventory.

Vulnerability Description

This vulnerability arises because the application allows the user to perform some sensitive action without verifying that the request was sent intentionally. An attacker can cause a victim's browser to emit an HTTP request to an arbitrary URL in the application.

CVSS Score

2.3

LOW

CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N

Attack Vector

ADJACENT_NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

LOW

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Hcltech	Bigfix Inventory	>= 9.0, < 10.0.7.0

Related Weaknesses (CWE)

CWE-345 CWE-352

References

https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0098006MitigationVendor Advisory
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0098006MitigationVendor Advisory

FAQ

What is CVE-2021-27759?

CVE-2021-27759 is a vulnerability with a CVSS score of 2.3 (LOW). This vulnerability arises because the application allows the user to perform some sensitive action without verifying that the request was sent intentionally. An attacker can cause a victim's browser t...

How severe is CVE-2021-27759?

CVE-2021-27759 has been rated LOW with a CVSS base score of 2.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-27759?

Check the references section above for vendor advisories and patch information. Affected products include: Hcltech Bigfix Inventory.