HCL BigFix OSD Bare Metal Server version 311.12 or lower is affected by a clickjacking vulnerability.
CVE-2023-23343

2.4LOW

Key Information:

Vendor: Hcl Software
Status: Hcl Bigfix Osd Bare Metal Server
Vendor: CVE Published:; 22 June 2023

Summary

A clickjacking vulnerability in the HCL BigFix OSD Bare Metal Server version 311.12 or lower allows attacker to use transparent or opaque layers to trick a user into clicking on a button or link on another page to perform a redirect to an attacker-controlled domain.

Affected Version(s)

HCL BigFix OSD Bare Metal Server < 311.12

References

https://support.hcltechsw.com/csm?id=kb_article&sysparm_a...

CVSS V3.1

Score:

2.4

Severity:

LOW

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jun 22, 2023
Vulnerability Reserved
Jan 11, 2023