Vulnerability Details CVE-2023-37536
An integer overflow in xerces-c++ 3.2.3 in BigFix Platform allows remote attackers to cause out-of-bound access via HTTP request.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.011
EPSS Ranking 76.8%
CVSS Severity
CVSS v3 Score 8.2
References
- https://lists.debian.org/debian-lts-announce/2023/12/msg00027.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7A6WWL4SWKAVYK6VK5YN7KZP4MZWC7IY/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AJYZUBGPVWJ7LEHRCMB5XVADQBNGURXD/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DAOSSJ72CUJ535VRWTCVQKUYT2LYR3OM/
- https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0107791
- https://lists.debian.org/debian-lts-announce/2023/12/msg00027.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7A6WWL4SWKAVYK6VK5YN7KZP4MZWC7IY/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AJYZUBGPVWJ7LEHRCMB5XVADQBNGURXD/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DAOSSJ72CUJ535VRWTCVQKUYT2LYR3OM/
- https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0107791
Products affected by CVE-2023-37536
-
cpe:2.3:a:apache:xerces-c++:3.2.3
-
cpe:2.3:a:hcltech:bigfix_platform:10.0.0
-
cpe:2.3:a:hcltech:bigfix_platform:10.0.2
-
cpe:2.3:a:hcltech:bigfix_platform:10.0.5
-
cpe:2.3:a:hcltech:bigfix_platform:10.0.7
-
cpe:2.3:a:hcltech:bigfix_platform:10.0.8
-
cpe:2.3:a:hcltech:bigfix_platform:9.0.0
-
cpe:2.3:a:hcltech:bigfix_platform:9.2
-
cpe:2.3:a:hcltech:bigfix_platform:9.2.19
-
cpe:2.3:a:hcltech:bigfix_platform:9.5
-
cpe:2.3:a:hcltech:bigfix_platform:9.5.10
-
cpe:2.3:a:hcltech:bigfix_platform:9.5.11
-
cpe:2.3:a:hcltech:bigfix_platform:9.5.12
-
cpe:2.3:a:hcltech:bigfix_platform:9.5.12.68
-
cpe:2.3:a:hcltech:bigfix_platform:9.5.13
-
cpe:2.3:a:hcltech:bigfix_platform:9.5.14
-
cpe:2.3:a:hcltech:bigfix_platform:9.5.15
-
cpe:2.3:a:hcltech:bigfix_platform:9.5.18
-
cpe:2.3:a:hcltech:bigfix_platform:9.5.2
-
cpe:2.3:a:hcltech:bigfix_platform:9.5.20
-
cpe:2.3:a:hcltech:bigfix_platform:9.5.21
-
cpe:2.3:a:hcltech:bigfix_platform:9.5.3
-
cpe:2.3:a:hcltech:bigfix_platform:9.5.5
-
cpe:2.3:a:hcltech:bigfix_platform:9.5.6
-
cpe:2.3:a:hcltech:bigfix_platform:9.5.7
-
cpe:2.3:a:hcltech:bigfix_platform:9.5.9
-
cpe:2.3:o:fedoraproject:fedora:37