CVE-2023-23343 - OpenCVE

A clickjacking vulnerability in the HCL BigFix OSD Bare Metal Server version 311.12 or lower allows attacker to use transparent or opaque layers to trick a user into clicking on a button or link on another page to perform a redirect to an attacker-controlled domain.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Hcltech	Bigfix Osd Bare Metal Server

Configuration 1 [-]

cpe:2.3:a:hcltech:bigfix_osd_bare_metal_server:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0105601

History

No history.

MITRE

Status: PUBLISHED

Assigner: HCL

Published: 2023-06-22T21:57:37.702Z

Updated: 2024-08-02T10:28:40.803Z

Reserved: 2023-01-11T18:41:24.862Z

Link: CVE-2023-23343

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2023-06-22T22:15:09.110

Modified: 2023-07-03T19:03:11.543

Link: CVE-2023-23343

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-23343", "assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc", "state": "PUBLISHED", "assignerShortName": "HCL", "dateReserved": "2023-01-11T18:41:24.862Z", "datePublished": "2023-06-22T21:57:37.702Z", "dateUpdated": "2024-08-02T10:28:40.803Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "HCL BigFix OSD Bare Metal Server", "vendor": "HCL Software", "versions": [{"status": "affected", "version": "< 311.12"}]}], "datePublic": "2023-06-22T21:54:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">A clickjacking vulnerability in the HCL BigFix OSD Bare Metal Server version 311.12 or lower allows attacker to use transparent or opaque layers to trick a user into clicking on a button or link on another page to perform a redirect to an attacker-controlled domain.</span><br>"}], "value": "A clickjacking vulnerability in the HCL BigFix OSD Bare Metal Server version 311.12 or lower allows attacker to use transparent or opaque layers to trick a user into clicking on a button or link on another page to perform a redirect to an attacker-controlled domain.\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 2.4, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "providerMetadata": {"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc", "shortName": "HCL", "dateUpdated": "2023-06-22T21:57:37.702Z"}, "references": [{"url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0105601"}], "source": {"discovery": "UNKNOWN"}, "title": "HCL BigFix OSD Bare Metal Server version 311.12 or lower is affected by a clickjacking vulnerability.", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T10:28:40.803Z"}, "title": "CVE Program Container", "references": [{"url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0105601", "tags": ["x_transferred"]}]}]}}