CVE-2023-37523 : Missing or insecure tags in the HCL BigFix Bare OSD Metal Server WebUI version 3

Missing or insecure tags in the HCL BigFix Bare OSD Metal Server WebUI version 311.19 or lower could allow an attacker to execute a malicious script on the user's browser.

Published 2024-01-16 18:15:09

Updated 2024-01-23 16:54:44

Source HCL Software

View at NVD, CVE.org

Products affected by CVE-2023-37523

Hcltechsw » Bigfix Bare Osd Metal Server Webui
Versions up to, including, (<=) 311.19
cpe:2.3:a:hcltechsw:bigfix_bare_osd_metal_server_webui:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2023-37523

EPSS FAQ

0.17%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 54 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2023-37523

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
9.8	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	3.9	5.9	NIST	2024-01-23
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High
5.6	MEDIUM	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L	2.2	3.4	HCL Software	2024-01-16
Attack Vector: Network Attack Complexity: High Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: Low Integrity: Low Availability: Low

References for CVE-2023-37523

https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0109754

Security Bulletin: HCL BigFix OSD Bare Metal Server WebUI is affected by multiple security vulnerabilities
Vendor Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2023-37523

Products affected by CVE-2023-37523

Exploit prediction scoring system (EPSS) score for CVE-2023-37523

CVSS scores for CVE-2023-37523

References for CVE-2023-37523