HCL BigFix OSD Bare Metal Server WebUI is affected by missing or insecure tags
CVE-2023-37522

5.6MEDIUM

Key Information:

Vendor: HCL Software Software
Status: HCL Software Bigfix Osd Bare Metal Server Webui
Vendor: CVE Published:; 16 January 2024

🔔 Create HCL Software Software Vulnerability Alert

What is CVE-2023-37522?

The HCL BigFix Bare OSD Metal Server WebUI up to version 311.19 contains vulnerabilities related to insecure or missing tags. This security flaw could be exploited by attackers, allowing them to inject and execute malicious scripts in the context of the user’s browser. Such vulnerabilities highlight the importance of addressing security best practices in web application development to safeguard against potential exploits that could compromise user data and system integrity.

Affected Version(s)

HCL BigFix OSD Bare Metal Server WebUI <= 311.19

References

https://support.hcltechsw.com/csm?id=kb_article&sysparm_a...

CVSS V3.1

Score:

5.6

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 16, 2024
Vulnerability Reserved
Jul 6, 2023