VDB
CVE-2023-32695
CVE-2023-32695
PUBLISHED
In HCL BigFix WebUI existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Komponenten, teilweise von Drittanbietern. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.
EPSS 0.30% · 53.8th percentile
Risk Scores
EPSS Score
0.30%
53.8th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| HCL | HCL BigFix WebUI | |
| Splunk | Splunk Splunk Enterprise Security <7.2.0 | |
| Splunk | Splunk Splunk Enterprise Security <7.1.2 | |
| Atlassian | Atlassian Bitbucket <9.4.13 (LTS) | |
| Splunk | Splunk Splunk Enterprise <9.2.1 | |
| Splunk | Splunk Splunk Enterprise UBA <5.2.1 | |
| Splunk | Splunk Splunk Enterprise <9.0.9 | |
| Atlassian | Atlassian Bitbucket <8.19.25 (LTS) | |
| Atlassian | Atlassian Bitbucket <10.0.2 | |
| Splunk | Splunk Splunk Enterprise UBA <5.3.0 | |
| Dell | Dell Data Protection Advisor <19.12 | |
| Splunk | Splunk Splunk Enterprise <9.1.4 | |
| Splunk | Splunk Splunk Enterprise Security <7.3.0 |
Exploit Intelligence
- CIRCL seen: CVE-2023-32695 (circl-sighting)
- https://github.com/socketio/socket.io-parser/security/advisories/GHSA-cqmj-92xf-r6r9 (circl)
- https://github.com/socketio/socket.io-parser/commit/2dc3c92622dad113b8676be06f23b1ed46b02ced (circl)
- https://github.com/socketio/socket.io-parser/commit/3b78117bf6ba7e99d7a5cfc1ba54d0477554a7f3 (circl)
- https://github.com/socketio/socket.io-parser/releases/tag/4.2.3 (circl)
- summary.html (github-poc)
- summary.html (github-poc)
- summary.html (github-poc)
- summary.html (github-poc)
- summary.html (github-poc)
…and 4 more exploits
Timeline
- May 23, 2023 CVE Published
- May 27, 2023 PoC Published
- May 28, 2023 EPSS Score
- Jul 3, 2023 EPSS Score
- Aug 8, 2023 EPSS Score
- Sep 13, 2023 EPSS Score
- Nov 25, 2023 EPSS Score
- Dec 31, 2023 EPSS Score
- Feb 5, 2024 EPSS Score
- Mar 12, 2024 EPSS Score
- Apr 17, 2024 EPSS Score
- May 23, 2024 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1800.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1800 advisory
- https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0106123 advisory
- https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0049.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0049 advisory
- https://advisory.splunk.com//advisories/SVD-2024-0101 advisory
- https://advisory.splunk.com//advisories/SVD-2024-0102 advisory
- https://advisory.splunk.com//advisories/SVD-2024-0103 advisory
- https://advisory.splunk.com//advisories/SVD-2024-0104 advisory
- https://advisory.splunk.com//advisories/SVD-2024-0112 advisory
- https://advisory.splunk.com/advisories/SVD-2024-0718 advisory
- https://confluence.atlassian.com/security/security-bulletin-november-18-2025-1671463469.html advisory
- https://www.dell.com/support/kbdoc/en-us/000281732/dsa-2025-075-security-update-for-dell-data-protection-advisor-for-multiple-component-vulnerabilities advisory