CVE-2023-37521 LOW

CVE-2023-37521: HCL BigFix OSD Bare Metal Server WebUI is affected by sensitive information disclosure

Vendor Hcl Software
Product HCL BigFix OSD Bare Metal Server WebUI
Published January 16, 2024
Last update October 29, 2024

CVSS base score

2.3/10
Attack vector Local
Attack complexity Low
Privileges required High
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

HCL BigFix Bare OSD Metal Server WebUI version 311.19 or lower can sometimes include sensitive information in a query string which could allow an attacker to execute a malicious attack.

Key dates

02Disclosure timeline

January 16, 2024 CVE published
October 29, 2024 Record updated