Vulnerability Details : CVE-2023-28016
A Host Header Injection vulnerability in HCL BigFix OSD Bare Metal Server version 311.12 or lower allows an attacker to supply a crafted Host header that causes the OSD Bare Metal Server to redirect the client to an attacker-controlled domain.
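The pattern behind this class of bug, as an added illustration: a server that builds an absolute redirect URL from the request's own Host header lets the client choose the redirect's authority. The code below is not HCL BigFix OSD code and makes no claim about how that product constructs its redirects; the header samples, the allow-list and the function names are assumptions made for the example.

```python
from urllib.parse import urlsplit

# Constructed sample request headers (not captured from any real system).
# The Host header is client-supplied: unless the server validates it, an
# attacker can set it to any value they like.
LEGIT_HEADERS = {"Host": "osd.example.internal", "X-Forwarded-Proto": "https"}
HOSTILE_HEADERS = {"Host": "attacker.example", "X-Forwarded-Proto": "https"}

ALLOWED_HOSTS = {"osd.example.internal"}   # assumed deployment configuration
CANONICAL_HOST = "osd.example.internal"


def vulnerable_redirect_location(headers, target_path):
    """Vulnerable pattern: the absolute redirect URL is assembled from the
    request's own Host header, so whoever sent the request picks the host
    the client is redirected to."""
    scheme = headers.get("X-Forwarded-Proto", "http")
    return f"{scheme}://{headers.get('Host', '')}{target_path}"


def hardened_redirect_location(headers, target_path,
                               allowed_hosts=ALLOWED_HOSTS,
                               canonical_host=CANONICAL_HOST):
    """Hardened pattern: the Host header is honoured only if its hostname is
    on a configured allow-list; anything else falls back to the canonical
    host. The path is also checked so it cannot smuggle in an authority
    ('//attacker.example/...'), a scheme, or a backslash that some browsers
    treat like a slash."""
    scheme = headers.get("X-Forwarded-Proto", "https").lower()
    if scheme not in ("http", "https"):
        scheme = "https"

    host = headers.get("Host", "").strip().lower()
    hostname = host.split(":", 1)[0]      # drop an explicit port for the comparison
    if hostname not in allowed_hosts:
        host = canonical_host

    parts = urlsplit(target_path)
    if (parts.scheme or parts.netloc or "\\" in target_path
            or not target_path.startswith("/")):
        target_path = "/"                 # refuse anything that is not a local path
    return f"{scheme}://{host}{target_path}"


def is_open_redirect(location, allowed_hosts=ALLOWED_HOSTS):
    """Detection helper: True if a Location header value points at a host
    that is not on the allow-list. Handy when checking a server's redirect
    responses to requests that carry a foreign Host header."""
    hostname = urlsplit(location).hostname or ""
    return hostname not in allowed_hosts


if __name__ == "__main__":
    print("vulnerable:", vulnerable_redirect_location(HOSTILE_HEADERS, "/login"))
    print("hardened:  ", hardened_redirect_location(HOSTILE_HEADERS, "/login"))
```

Where the redirect target is on the same server, a relative `Location: /login` sidesteps the problem entirely, since no host is emitted at all; the allow-list approach is for deployments that must emit absolute URLs behind a proxy.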
Products affected by CVE-2023-28016
- cpe:2.3:a:hcltech:bigfix_osd_bare_metal_server:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-28016
- EPSS score: 0.17% (probability of exploitation activity in the next 30 days)
- Percentile: ~39% (the proportion of vulnerabilities scored at or below this one)
CVSS scores for CVE-2023-28016
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 | NIST | |
3.1 | LOW | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L | 1.6 | 1.4 | HCL Software | |

The two vectors differ materially: NIST rates the flaw as a scope-changed open redirect with low confidentiality and integrity impact, while the vendor's vector rates only a low availability impact at high attack complexity. Treat the NIST vector as the one that matches the redirect behaviour described above when prioritising.
CWE ids for CVE-2023-28016
- The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component. (Assigned by: nvd@nist.gov, Primary)
References for CVE-2023-28016
- Security Bulletin: HCL BigFix OSD is affected by multiple security vulnerabilities (Vendor Advisory): https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0105601