Lucene search

[email protected]CVE-2023-23343

HistoryJun 22, 2023 - 10:15 p.m.

CVE-2023-23343

2023-06-2222:15:09

CWE-1021

[email protected]

web.nvd.nist.gov

cve-2023-23343

clickjacking

hcl bigfix osd

bare metal server

vulnerability

security

nvd

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6.2 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.2%

JSON

A clickjacking vulnerability in the HCL BigFix OSD Bare Metal Server version 311.12 or lower allows attacker to use transparent or opaque layers to trick a user into clicking on a button or link on another page to perform a redirect to an attacker-controlled domain.

Affected configurations

NVD

Node

hcltechbigfix_osd_bare_metal_serverRange≤311.12

CPENameOperatorVersion
hcltech:bigfix_osd_bare_metal_serverhcltech bigfix osd bare metal serverle311.12

CPE	Name	Operator	Version
hcltech:bigfix_osd_bare_metal_server	hcltech bigfix osd bare metal server	le	311.12

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "HCL BigFix OSD Bare Metal Server",
    "vendor": "HCL Software",
    "versions": [
      {
        "status": "affected",
        "version": "< 311.12"
      }
    ]
  }
]

References

support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0105601

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6.2 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.2%

JSON

Related for CVE-2023-23343

cvelist1 prion1 nvd1