BigFix Bare OSD Metal Server WebUI
by HCL Software
CVEs (6)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-37523 | | | 0.00 | — | 0.00 | | Jan 16, 2024 | Missing or insecure tags in the HCL BigFix Bare OSD Metal Server WebUI version 311.19 or lower could allow an attacker to execute a malicious script on the user's browser. |
| CVE-2023-37522 | | | 0.00 | — | 0.00 | | Jan 16, 2024 | HCL BigFix Bare OSD Metal Server WebUI version 311.19 or lower has missing or insecure tags that could allow an attacker to execute a malicious script on the user's browser. |
| CVE-2023-37521 | | | 0.00 | — | 0.00 | | Jan 16, 2024 | HCL BigFix Bare OSD Metal Server WebUI version 311.19 or lower can sometimes include sensitive information in a query string which could allow an attacker to execute a malicious attack. |
| CVE-2023-28016 | | | 0.00 | — | 0.00 | | Jun 22, 2023 | Host Header Injection vulnerability in the HCL BigFix OSD Bare Metal Server version 311.12 or lower allows attacker to supply invalid input to cause the OSD Bare Metal Server to perform a redirect to an attacker-controlled domain. |
| CVE-2023-28006 | | | 0.00 | — | 0.00 | | Jun 22, 2023 | The OSD Bare Metal Server uses a cryptographic algorithm that is no longer considered sufficiently secure. |
| CVE-2023-23343 | | | 0.00 | — | 0.00 | | Jun 22, 2023 | A clickjacking vulnerability in the HCL BigFix OSD Bare Metal Server version 311.12 or lower allows attacker to use transparent or opaque layers to trick a user into clicking on a button or link on another page to perform a redirect to an attacker-controlled domain. |