cvedb.io
CVE-2023-28016
LOW · CVSS 3.1
EPSS exploitation probability: 0%
Published 2023-06-22T23:15:09.343 · Last modified 2026-06-17T05:46:22.977

Summary

Host Header Injection vulnerability in the HCL BigFix OSD Bare Metal Server version 311.12 or lower allows attacker to supply invalid input to cause the OSD Bare Metal Server to perform a redirect to an attacker-controlled domain.

Affected products

hcltech — bigfix_osd_bare_metal_server

Does this affect you?

Add your gear to cvedb and we'll alert you only when hcltech ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.