Lucene search

HCLCVELIST:CVE-2023-37521

HistoryJan 16, 2024 - 3:55 p.m.

CVE-2023-37521 HCL BigFix OSD Bare Metal Server WebUI is affected by sensitive information disclosure

2024-01-1615:55:27

HCL

www.cve.org

cve-2023-37521

hcl bigfix

sensitive information disclosure

query string

attack

2.3 Low

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

5.6 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.1%

JSON

HCL BigFix Bare OSD Metal Server WebUI version 311.19 or lower can sometimes include sensitive information in a query string which could allow an attacker to execute a malicious attack.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "HCL BigFix OSD Bare Metal Server WebUI",
    "vendor": "HCL Software",
    "versions": [
      {
        "status": "affected",
        "version": "<=  311.19"
      }
    ]
  }
]

References

support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0109754

2.3 Low

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

5.6 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.1%

JSON

Related for CVELIST:CVE-2023-37521