CVE-2023-37536

HCL BigFix Platform is vulnerable to an integer overflow in xerces-c++ 3.2.3

Description

An integer overflow in xerces-c++ 3.2.3 in BigFix Platform allows remote attackers to cause out-of-bound access via HTTP request.

Link	Tags
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0107791	vendor advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DAOSSJ72CUJ535VRWTCVQKUYT2LYR3OM/	third party advisory mailing list
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7A6WWL4SWKAVYK6VK5YN7KZP4MZWC7IY/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AJYZUBGPVWJ7LEHRCMB5XVADQBNGURXD/
https://lists.debian.org/debian-lts-announce/2023/12/msg00027.html

What is the severity of CVE-2023-37536?: CVE-2023-37536 has been scored as a high severity vulnerability.
How to fix CVE-2023-37536?: To fix CVE-2023-37536, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2023-37536 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2023-37536 is being actively exploited. According to its EPSS score, there is a ~1% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2023-37536?: CVE-2023-37536 affects HCL Software BigFix Platform.