exploitDog

CVE-2025-52621

Опубликовано: 15 авг. 2025

Источник: nvd

CVSS3: 5.3

CVSS3: 7.5

EPSS Низкий

Описание

HCL BigFix SaaS Authentication Service is vulnerable to cache poisoning. The BigFix SaaS's HTTP responses were observed to include the Origin header. Its presence alongside an unvalidated reflection of the Origin header value introduces a potential for cache poisoning.

Ссылки

https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0123330
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:hcltech:bigfix_saas:*:*:*:*:*:*:*:*

Версия до 8.1.14 (исключая)

EPSS

Процентиль: 3%

0.00017

Низкий

5.3 Medium

CVSS3

7.5 High

CVSS3

Дефекты

CWE-346

Связанные уязвимости

GHSA-r9j3-884r-cxhp

CVSS3: 5.3

github

6 месяцев назад

HCL BigFix SaaS Authentication Service is vulnerable to cache poisoning. The BigFix SaaS's HTTP responses were observed to include the Origin header. Its presence alongside an unvalidated reflection of the Origin header value introduces a potential for cache poisoning.

EPSS

Процентиль: 3%

0.00017

Низкий

5.3 Medium

CVSS3

7.5 High

CVSS3

Дефекты

CWE-346