Lucene search

[email protected]CVE-2023-37521

HistoryJan 16, 2024 - 4:15 p.m.

CVE-2023-37521

2024-01-1616:15:10

[email protected]

web.nvd.nist.gov

cve-2023-37521

hcl bigfix

bare osd metal server

webui

sensitive information leakage

attacker

malicious attack

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

5.3 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.0%

JSON

HCL BigFix Bare OSD Metal Server WebUI version 311.19 or lower can sometimes include sensitive information in a query string which could allow an attacker to execute a malicious attack.

Affected configurations

NVD

Node

hcltechswbigfix_bare_osd_metal_server_webuiRange<311.28

CPENameOperatorVersion
hcltechsw:bigfix_bare_osd_metal_server_webuihcltechsw bigfix bare osd metal server webuilt311.28

CPE	Name	Operator	Version
hcltechsw:bigfix_bare_osd_metal_server_webui	hcltechsw bigfix bare osd metal server webui	lt	311.28

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "HCL BigFix OSD Bare Metal Server WebUI",
    "vendor": "HCL Software",
    "versions": [
      {
        "status": "affected",
        "version": "<=  311.19"
      }
    ]
  }
]

References

support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0109754

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

5.3 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.0%

JSON

Related for CVE-2023-37521

cvelist1 prion1 nvd1