CVE-2021-27759
06.05.2022, 18:15
This vulnerability arises because the application allows the user to perform some sensitive action without verifying that the request was sent intentionally. An attacker can cause a victim's browser to emit an HTTP request to an arbitrary URL in the application.
Vendor | Product | Version |
---|---|---|
hcltech | bigfix_inventory | 9.0 ≤ 𝑥 < 10.0.7.0 |
𝑥 = Vulnerable software versions
Common Weakness Enumeration
- CWE-352 - Cross-Site Request Forgery (CSRF): The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.
- CWE-345 - Insufficient Verification of Data Authenticity: The software does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.