cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2023-37523,https://securityvulnerability.io/vulnerability/CVE-2023-37523,HCL BigFix OSD Bare Metal Server WebUI is affected by missing or insecure tags,"The HCL BigFix Bare OSD Metal Server WebUI is susceptible to security issues stemming from missing or improperly configured tags. This vulnerability enables potential attackers to exploit the system by executing malicious scripts in the context of the user's browser, which could lead to unauthorized actions or the compromise of sensitive data. Users utilizing version 311.19 or lower of this product should be aware of the risks associated with this flaw and take appropriate measures to mitigate potential threats.",HCL Software,HCL BigFix OSD Bare Metal Server WebUI,9.8,CRITICAL,0.0010499999625608325,false,false,false,false,,false,false,2024-01-16T17:33:01.755Z,0
CVE-2023-37522,https://securityvulnerability.io/vulnerability/CVE-2023-37522,HCL BigFix OSD Bare Metal Server WebUI is affected by missing or insecure tags,"The HCL BigFix Bare OSD Metal Server WebUI up to version 311.19 contains vulnerabilities related to insecure or missing tags. This security flaw could be exploited by attackers, allowing them to inject and execute malicious scripts in the context of the user’s browser. Such vulnerabilities highlight the importance of addressing security best practices in web application development to safeguard against potential exploits that could compromise user data and system integrity.",HCL Software,HCL BigFix OSD Bare Metal Server WebUI,9.8,CRITICAL,0.0010499999625608325,false,false,false,false,,false,false,2024-01-16T15:59:35.415Z,0
CVE-2023-37521,https://securityvulnerability.io/vulnerability/CVE-2023-37521,HCL BigFix OSD Bare Metal Server WebUI is affected by sensitive information disclosure,"The HCL BigFix Bare OSD Metal Server WebUI, specifically in versions 311.19 and below, has been identified with a potential vulnerability where sensitive information can be unintentionally exposed in query strings. This loophole may allow attackers to exploit the system by manipulating the query string and deriving confidential data, thereby increasing the risk of malicious activities. Users of the affected versions should take immediate steps to evaluate their configurations and ensure that sensitive data is adequately protected.",Hcl Software,Hcl Bigfix Osd Bare Metal Server Webui,5.3,MEDIUM,0.0005000000237487257,false,false,false,false,,false,false,2024-01-16T15:55:27.149Z,0
CVE-2023-28023,https://securityvulnerability.io/vulnerability/CVE-2023-28023,HCL BigFix WebUI Software Distribution is affected by a cross site server request forgery vulnerability,"A cross site request forgery vulnerability in the BigFix WebUI Software Distribution interface site version 44 and before allows an NMO attacker to access files on server side systems (server machine and all the ones in its network).  ",Hcl Software,Hcl Bigfix Webui Software Distribution,4.9,MEDIUM,0.0006699999794363976,false,false,false,false,,false,false,2023-07-18T20:15:00.000Z,0
CVE-2023-28021,https://securityvulnerability.io/vulnerability/CVE-2023-28021,"BigFix WebUI is vulnerable to use of a risky cryptographic algorithm ","The BigFix WebUI uses weak cipher suites. ",Hcl Software,Hcl Bigfix Webui,5.9,MEDIUM,0.001449999981559813,false,false,false,false,,false,false,2023-07-18T19:15:00.000Z,0
CVE-2023-28020,https://securityvulnerability.io/vulnerability/CVE-2023-28020,URL redirection affects BigFix WebUI," URL redirection in Login page in HCL BigFix WebUI allows malicious user to redirect the client browser to an external site via redirect URL response header. ",Hcl Software,Hcl Bigfix Webui,4.7,MEDIUM,0.000699999975040555,false,false,false,false,,false,false,2023-07-18T19:15:00.000Z,0
CVE-2023-28019,https://securityvulnerability.io/vulnerability/CVE-2023-28019,An SQL injection affects BigFix WebUI API,"Insufficient validation in Bigfix WebUI API App site version < 14 allows an authenticated WebUI user to issue SQL queries via an unparameterized SQL query. ",Hcl Software,Hcl Bigfix Webui Api,5.5,MEDIUM,0.0009299999801442027,false,false,false,false,,false,false,2023-07-18T18:15:00.000Z,0
CVE-2023-23344,https://securityvulnerability.io/vulnerability/CVE-2023-23344,HCL BigFix WebUI Insights is susceptible to a lack of sufficient authorization,"A permission issue in BigFix WebUI Insights site version 14 allows an authenticated, unprivileged operator to access an administrator page. ",Hcl Software,Hcl Bigfix Webui Insights,6.5,MEDIUM,0.0005699999746866524,false,false,false,false,,false,false,2023-06-23T06:15:00.000Z,0
CVE-2021-27764,https://securityvulnerability.io/vulnerability/CVE-2021-27764,HCL BigFix WebUI Cookie missing attributes,Cookie without HTTPONLY flag set. NUMBER cookie(s) was set without Secure or HTTPOnly flags. The images show the cookie with the missing flag. (WebUI),Hcl Software,Hcl Bigfix Webui,7.4,HIGH,0.0015200000489130616,false,false,false,false,,false,false,2022-05-06T18:15:00.000Z,0
CVE-2020-4104,https://securityvulnerability.io/vulnerability/CVE-2020-4104,,HCL BigFix WebUI is vulnerable to stored cross-site scripting (XSS) within the Apps->Software module. An attacker can use XSS to send a malicious script to an unsuspecting user. This affects all versions prior to latest releases as specified in https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0080855&sys_kb_id=971d99ed1b8ed01c086dcbfc0a4bcb6a.,HCL Software,Hcl Bigfix Webui,5.4,MEDIUM,0.000539999979082495,false,false,false,false,,false,false,2020-07-17T20:46:39.000Z,0