CVE-2023-28016: HCL BigFix OSD Bare Metal Server is affected by a host header injection vulnerability
First published: Thu Jun 22 2023(Updated: )
Host Header Injection vulnerability in the HCL BigFix OSD Bare Metal Server version 311.12 or lower allows attacker to supply invalid input to cause the OSD Bare Metal Server to perform a redirect to an attacker-controlled domain.
Credit: psirt@hcl.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| <=311.12 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2023-28016.
What is the affected software for this vulnerability?
The affected software for this vulnerability is HCL BigFix OSD Bare Metal Server version 311.12 or lower.
What is the severity of CVE-2023-28016?
The severity of CVE-2023-28016 is medium with a CVSS score of 6.1.
How does the vulnerability in HCL BigFix OSD Bare Metal Server version 311.12 or lower occur?
The vulnerability in HCL BigFix OSD Bare Metal Server version 311.12 or lower occurs due to a host header injection, allowing an attacker to supply invalid input and cause a redirect to an attacker-controlled domain.
How can I fix the host header injection vulnerability in HCL BigFix OSD Bare Metal Server version 311.12 or lower?
To fix the host header injection vulnerability in HCL BigFix OSD Bare Metal Server version 311.12 or lower, it is recommended to update to a version higher than 311.12 or apply the necessary patches provided by HCL Tech.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/last-modified-date
- agent/references
- agent/title
- agent/severity
- agent/author
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- vendor/hcltech