CVE-2023-37522 HCL BigFix OSD Bare Metal Server WebUI is affected by missing or insecure tags

HCL BigFix Bare OSD Metal Server WebUI version 311.19 or lower has missing or insecure tags that could allow an attacker to execute a malicious script on the user's browser...

CVE-2023-37521 HCL BigFix OSD Bare Metal Server WebUI is affected by sensitive information disclosure

HCL BigFix Bare OSD Metal Server WebUI version 311.19 or lower can sometimes include sensitive information in a query string which could allow an attacker to execute a malicious attack...

CVE-2023-28016

Host Header Injection vulnerability in the HCL BigFix OSD Bare Metal Server version 311.12 or lower allows attacker to supply invalid input to cause the OSD Bare Metal Server to perform a redirect to an attacker-controlled domain...

CVE-2023-28016

Host Header Injection vulnerability in the HCL BigFix OSD Bare Metal Server version 311.12 or lower allows attacker to supply invalid input to cause the OSD Bare Metal Server to perform a redirect to an attacker-controlled domain...

Design/Logic Flaw

Host Header Injection vulnerability in the HCL BigFix OSD Bare Metal Server version 311.12 or lower allows attacker to supply invalid input to cause the OSD Bare Metal Server to perform a redirect to an attacker-controlled domain...

CVE-2023-28016

CVE-2023-28016 affects HCL BigFix OSD Bare Metal Server versions 311.12 or lower, via a Host Header Injection vulnerability that enables a redirect to an attacker‑controlled domain. Root cause is improper handling of host header input leading to external redirects. Impact is a user redirection to...

CVE-2023-23343

A clickjacking vulnerability in the HCL BigFix OSD Bare Metal Server version 311.12 or lower allows attacker to use transparent or opaque layers to trick a user into clicking on a button or link on another page to perform a redirect to an attacker-controlled domain...

CVE-2023-28006 HCL BigFix OSD Bare Metal Server is affected by a weak cryptographic algorithm.

The OSD Bare Metal Server uses a cryptographic algorithm that is no longer considered sufficiently secure...

CVE-2023-23343

CVE-2023-23343 describes a clickjacking flaw in HCL BigFix OSD Bare Metal Server, affected versions up to 311.12. Adversaries can stack transparent/opaque layers to trick users into clicking a link/button that redirects to an attacker-controlled domain. Documented impact is redirect-based clickja...

CVE-2023-23343 HCL BigFix OSD Bare Metal Server version 311.12 or lower is affected by a clickjacking vulnerability.

A clickjacking vulnerability in the HCL BigFix OSD Bare Metal Server version 311.12 or lower allows attacker to use transparent or opaque layers to trick a user into clicking on a button or link on another page to perform a redirect to an attacker-controlled domain...

HCL Technologies BigFix OSD 安全漏洞

HCL Technologies BigFix OSD is part of a lifecycle management software from HCL Technologies, Inc. It is used for the deployment of operating systems. A security vulnerability exists in HCL BigFix OSD Bare Metal Server version 311.12 and earlier. An attacker exploits the vulnerability to use a...