HCL BigFix OSD Bare Metal Server WebUI is affected by missing or insecure tags
CVE-2023-37522

5.6MEDIUM

What is CVE-2023-37522?

The HCL BigFix Bare OSD Metal Server WebUI up to version 311.19 contains vulnerabilities related to insecure or missing tags. This security flaw could be exploited by attackers, allowing them to inject and execute malicious scripts in the context of the user’s browser. Such vulnerabilities highlight the importance of addressing security best practices in web application development to safeguard against potential exploits that could compromise user data and system integrity.

Affected Version(s)

HCL BigFix OSD Bare Metal Server WebUI <= 311.19

References

CVSS V3.1

Score:
5.6
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.