CVE-2023-28016

LOW

HCL BigFix OSD Bare Metal Server < 311.12 - Host Header Injection

Title source: llm

Description

Host Header Injection vulnerability in the HCL BigFix OSD Bare Metal Server version 311.12 or lower allows attacker to supply invalid input to cause the OSD Bare Metal Server to perform a redirect to an attacker-controlled domain.

References (1)

Core 1

Core References

Vendor Advisory

https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0105601

Scores

CVSS v3 3.1

EPSS 0.0021

EPSS Percentile 43.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-74

Status published

Products (1)

hcltech/bigfix_osd_bare_metal_server < 311.12

Published Jun 22, 2023

Tracked Since Feb 18, 2026