HCL BigFix OSD Bare Metal Server WebUI is affected by missing or insecure tags
CVE-2023-37522
9.8 CRITICAL
Summary
The HCL BigFix OSD Bare Metal Server WebUI up to version 311.19 contains vulnerabilities related to insecure or missing tags. Attackers could exploit this flaw to inject and execute malicious scripts in the context of the user's browser. Such vulnerabilities highlight the importance of following security best practices in web application development to guard against exploits that could compromise user data and system integrity.
Affected Version(s)
HCL BigFix OSD Bare Metal Server WebUI <= 311.19
CVSS V3.1
Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved