Lucene search

[email protected]CVE-2023-37523

HistoryJan 16, 2024 - 6:15 p.m.

CVE-2023-37523

2024-01-1618:15:09

[email protected]

web.nvd.nist.gov

cve-2023-37523

hcl bigfix

bare osd

metal server

webui

security vulnerability

script execution

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.3 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

39.3%

JSON

Missing or insecure tags in the HCL BigFix Bare OSD Metal Server WebUI version 311.19 or lower could allow an attacker to execute a malicious script on the user’s browser.

Affected configurations

NVD

Node

hcltechswbigfix_bare_osd_metal_server_webuiRange≤311.19

CPENameOperatorVersion
hcltechsw:bigfix_bare_osd_metal_server_webuihcltechsw bigfix bare osd metal server webuile311.19

CPE	Name	Operator	Version
hcltechsw:bigfix_bare_osd_metal_server_webui	hcltechsw bigfix bare osd metal server webui	le	311.19

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "HCL BigFix OSD Bare Metal Server WebUI",
    "vendor": "HCL Software",
    "versions": [
      {
        "status": "affected",
        "version": "<=  311.19"
      }
    ]
  }
]

References

support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0109754

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.3 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

39.3%

JSON

Related for CVE-2023-37523

cvelist1 prion1 vulnrichment1 nvd1