CVE-2023-37536

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Oct 11, 2023

Updated: Aug 1, 2024

CWE ID 680

CWE ID 190

Summary

CVE-2023-37536 is an integer overflow vulnerability affecting xerces-c++ 3.2.3 in BigFix Platform. Attackers can exploit this flaw by sending malicious HTTP requests causing out-of-bound access. This issue may allow unauthorized access to sensitive data or even take control of an affected system. Users are advised to update their BigFix Platform to a patched version as soon as possible to mitigate this risk. Failure to do so may result in serious security consequences.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

Hcltech Bigfix Platform
Fedora Operating System

Affected Vendors

Fedora Project
HCL Technologies Ltd.
Apache Software Foundation

Advisories, Assessments, and Mitigations

Back to Vulnerability Database