CVE-2023-37523 MEDIUM

CVE-2023-37523: HCL BigFix OSD Bare Metal Server WebUI is affected by missing or insecure tags

Vendor Hcl Software
Product HCL BigFix OSD Bare Metal Server WebUI
Published January 16, 2024
Last update June 3, 2025

CVSS base score

5.6/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

What the vulnerability does

01Description

Missing or insecure tags in the HCL BigFix Bare OSD Metal Server WebUI version 311.19 or lower could allow an attacker to execute a malicious script on the user's browser.

Key dates

02Disclosure timeline

January 16, 2024 CVE published
June 3, 2025 Record updated