CVE-2023-28016: HCL BigFix OSD Bare Metal Server is affected by a host header injection vulnerability

3.1 CVSS

Description

Host Header Injection vulnerability in the HCL BigFix OSD Bare Metal Server version 311.12 or lower allows attacker to supply invalid input to cause the OSD Bare Metal Server to perform a redirect to an attacker-controlled domain.

Classification

CVE ID: CVE-2023-28016

CVSS Base Severity: LOW

CVSS Base Score: 3.1

Affected Products

Vendor: HCL Software

Product: HCL BigFix OSD Bare Metal Server

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.06% (probability of being exploited)

EPSS Percentile: 26.17% (scored less or equal to compared to others)

EPSS Date: 2025-02-03 (when was this score calculated)

References

https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0105601

Timeline

2024-12-06 00:31:24 UTC
CVE

HCL BigFix OSD Bare Metal Server is affected by a host header injection vulnerability