CVE-2019-4301

BigFix Self-Service Application (SSA) is vulnerable to arbitrary code execution if Javascript code is included in Running Message or Post Message HTML.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.4 HIGH
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
HCLCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 66%
VendorProductVersion
hcltechself-service_application
3.0.0
𝑥
= Vulnerable software versions
References
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0076139
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0076139