Lucene search

HCLCVELIST:CVE-2023-23343

HistoryJun 22, 2023 - 9:57 p.m.

CVE-2023-23343 HCL BigFix OSD Bare Metal Server version 311.12 or lower is affected by a clickjacking vulnerability.

2023-06-2221:57:37

HCL

www.cve.org

cve-2023-23343

clickjacking

hcl bigfix osd

CVSS3

2.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:L

EPSS

0.001

Percentile

18.8%

JSON

A clickjacking vulnerability in the HCL BigFix OSD Bare Metal Server version 311.12 or lower allows attacker to use transparent or opaque layers to trick a user into clicking on a button or link on another page to perform a redirect to an attacker-controlled domain.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "HCL BigFix OSD Bare Metal Server",
    "vendor": "HCL Software",
    "versions": [
      {
        "status": "affected",
        "version": "< 311.12"
      }
    ]
  }
]

References

support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0105601

CVSS3

2.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:L

EPSS

0.001

Percentile

18.8%

JSON

Related for CVELIST:CVE-2023-23343