HCL BigFix Compliance Cross-Site Request Forgery Vulnerability Due to Improper SameSite Attribute

Vulnerability

A Cross-Site Request Forgery (CSRF) vulnerability exists in HCL BigFix Compliance due to an improper or missing SameSite attribute. This flaw allows a malicious site to potentially manipulate a user's browser into making unintended requests while using authenticated sessions.

Impact

Exploitation of this vulnerability could lead to Cross-Site Request Forgery attacks, allowing malicious sites to perform actions on behalf of users without their consent.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

5.7

impact

0.8

exploitability

6.0

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

5.7

impact

0.8

exploitability

6.0

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

HCL BigFix Compliance Cross-Site Request Forgery Vulnerability Due to Improper SameSite Attribute

Vulnerability

Impact

Affected Products

HCL BigFix Compliance

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating