CVE-2021-27759

Summary

This vulnerability arises because the application allows the user to perform some sensitive action without verifying that the request was sent intentionally. An attacker can cause a victim's browser to emit an HTTP request to an arbitrary URL in the application.

Affected Software

VendorProductVersion RangeStatus
HCL SoftwareHCL BigFix Inventory9.xaffected
HCL SoftwareHCL BigFix Inventory10.xaffected

Weaknesses

  • CWE-352: CWE-352 Cross-Site Request Forgery (CSRF)

ADP Enrichment

CVE Program Container

Additional References

References