Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
hcltech bigfix inventory vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2021-27758
There is a security vulnerability in login form related to Cross-site Request Forgery which prevents user to login after attacker spam to login and system blocked victim's account.
Hcltech Bigfix Inventory
4.3
CVSSv2
CVE-2021-27759
This vulnerability arises because the application allows the user to perform some sensitive action without verifying that the request was sent intentionally. An attacker can cause a victim's browser to emit an HTTP request to an arbitrary URL in the application.
Hcltech Bigfix Inventory
4.3
CVSSv2
CVE-2020-14254
TLS-RSA cipher suites are not disabled in HCL BigFix Inventory up to v10.0.2. If TLS 2.0 and secure ciphers are not enabled then an attacker can passively record traffic and later decrypt it.
Hcltech Bigfix Platform
5
CVSSv2
CVE-2020-14248
BigFix Inventory up to v10.0.2 does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote malicious users to capture this cookie.
Hcltech Bigfix Platform
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3581
reflected XSS
CVE-2024-26925
CVE-2024-27956
LFI
CVE-2024-3607
CVE-2024-3107
CVE-2024-3295
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started