CVE-2023-37522 MEDIUM

CVE-2023-37522: HCL BigFix OSD Bare Metal Server WebUI is affected by missing or insecure tags

Vendor HCL Software
Product HCL BigFix OSD Bare Metal Server WebUI
Published January 16, 2024
Last update June 16, 2025

CVSS base score

5.6/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

What the vulnerability does

01 Description

HCL BigFix Bare OSD Metal Server WebUI version 311.19 or lower has missing or insecure tags that could allow an attacker to execute a malicious script on the user's browser.

Key dates

02 Disclosure timeline

January 16, 2024 CVE published
June 16, 2025 Record updated