exploitDog

CVE-2023-23343

Опубликовано: 22 июн. 2023

Источник: nvd

CVSS3: 2.4

CVSS3: 6.1

EPSS Низкий

Описание

A clickjacking vulnerability in the HCL BigFix OSD Bare Metal Server version 311.12 or lower allows attacker to use transparent or opaque layers to trick a user into clicking on a button or link on another page to perform a redirect to an attacker-controlled domain.

Ссылки

https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0105601
Vendor Advisory
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0105601
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:hcltech:bigfix_osd_bare_metal_server:*:*:*:*:*:*:*:*

Версия до 311.12 (включая)

EPSS

Процентиль: 14%

0.00047

Низкий

2.4 Low

CVSS3

6.1 Medium

CVSS3

Дефекты

CWE-1021

Связанные уязвимости

GHSA-86xw-mmvj-gfc6

CVSS3: 2.4

github

больше 2 лет назад

A clickjacking vulnerability in the HCL BigFix OSD Bare Metal Server version 311.12 or lower allows attacker to use transparent or opaque layers to trick a user into clicking on a button or link on another page to perform a redirect to an attacker-controlled domain.

EPSS

Процентиль: 14%

0.00047

Низкий

2.4 Low

CVSS3

6.1 Medium

CVSS3

Дефекты

CWE-1021