Lucene search

HCLCVE-2023-23343

HistoryJun 22, 2023 - 10:15 p.m.

CVE-2023-23343

2023-06-2222:15:09

CWE-1021

HCL

web.nvd.nist.gov

cve-2023-23343

clickjacking

hcl bigfix osd

bare metal server

vulnerability

security

nvd

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score

6.2

Confidence

High

EPSS

0.001

Percentile

18.8%

JSON

A clickjacking vulnerability in the HCL BigFix OSD Bare Metal Server version 311.12 or lower allows attacker to use transparent or opaque layers to trick a user into clicking on a button or link on another page to perform a redirect to an attacker-controlled domain.

Affected configurations

Nvd

Node

hcltechbigfix_osd_bare_metal_serverRange≤311.12

VendorProductVersionCPE
hcltechbigfix_osd_bare_metal_server*cpe:2.3:a:hcltech:bigfix_osd_bare_metal_server:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
hcltech	bigfix_osd_bare_metal_server	*	cpe:2.3:a:hcltech:bigfix_osd_bare_metal_server::::::::

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "HCL BigFix OSD Bare Metal Server",
    "vendor": "HCL Software",
    "versions": [
      {
        "status": "affected",
        "version": "< 311.12"
      }
    ]
  }
]

References

support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0105601

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score

6.2

Confidence

High

EPSS

0.001

Percentile

18.8%

JSON

Related for CVE-2023-23343