CVE-2023-28020

MEDIUM

HCL BigFix WebUI - Open Redirect via Login Page Redirect URL Header

Title source: llm

Description

URL redirection in Login page in HCL BigFix WebUI allows malicious user to redirect the client browser to an external site via redirect URL response header.

References (1)

Core 1

Core References

Vendor Advisory

https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0106123

Scores

CVSS v3 4.7

EPSS 0.0023

EPSS Percentile 45.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-601

Status published

Products (1)

hcltech/bigfix_webui

Published Jul 18, 2023

Tracked Since Feb 18, 2026