HCL BigFix OSD Bare Metal Server WebUI is affected by missing or insecure tags
CVE-2023-37523

9.8 CRITICAL

Key Information:

Vendor
CVE Published: 16 January 2024

Summary

The HCL BigFix OSD Bare Metal Server WebUI has missing or improperly configured tags. An attacker could exploit this to execute malicious scripts in the context of the user's browser, which could lead to unauthorized actions or the compromise of sensitive data. Users running version 311.19 or lower of this product should be aware of the risk and take appropriate measures to mitigate it.

Affected Version(s)

HCL BigFix OSD Bare Metal Server WebUI <= 311.19

CVSS V3.1

Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
