CVE-2021-27759

Published: May 6, 2022Modified: Jun 17, 2026

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

This vulnerability arises because the application allows the user to perform some sensitive action without verifying that the request was sent intentionally. An attacker can cause a victim's browser to emit an HTTP request to an arbitrary URL in the application.

Affected (1)

Products: Hcltech: Bigfix Inventory

1 product

Bigfix Inventory

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Hcltech Bigfix Inventory	From 9.0 to 10.0.7.0

Related CWEs

Insufficient Verification of Data Authenticity

The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (2)

https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0098006

Source: psirt@hcl.com

MitigationVendor Advisory

https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0098006

Source: af854a3a-2127-422b-91ae-364da2661108

MitigationVendor Advisory

Timeline

No history available yet.