CVE-2023-28016 LOW

CVE-2023-28016: HCL BigFix OSD Bare Metal Server is affected by a host header injection vulnerability

Vendor Hcl Software
Product HCL BigFix OSD Bare Metal Server
Published June 22, 2023
Last update December 5, 2024

CVSS base score

3.1/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction Required
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L

What the vulnerability does

01 Description

A Host header injection vulnerability in HCL BigFix OSD Bare Metal Server version 311.12 or lower allows an attacker to supply invalid input that causes the OSD Bare Metal Server to perform a redirect to an attacker-controlled domain.

Key dates

02 Disclosure timeline

June 22, 2023 CVE published
December 5, 2024 Record updated