hcltech bigfix platform vulnerabilities and exploits
5
CVSSv2
CVE-2020-14248
BigFix Inventory up to v10.0.2 does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote malicious users to capture this cookie.
Hcltech Bigfix Platform
2.1
CVSSv2
CVE-2020-4095
"BigFix Platform is storing clear text credentials within the system's memory. An attacker who is able to gain administrative privileges can use a program to create a memory dump and extract the credentials. These credentials can be used to pivot further into the enviro...
Hcltech Bigfix Platform
4.3
CVSSv2
CVE-2020-14254
TLS-RSA cipher suites are not disabled in HCL BigFix Inventory up to v10.0.2. If TLS 2.0 and secure ciphers are not enabled then an attacker can passively record traffic and later decrypt it.
Hcltech Bigfix Platform
7.5
CVSSv2
CVE-2021-27762
Misconfigured security-related HTTP headers: Several security-related headers were missing or mis-configured on the web responses
Hcltech Bigfix Platform
4.6
CVSSv2
CVE-2021-27765
The BigFix Server API installer is created with InstallShield, which was affected by CVE-2021-41526, a vulnerability that could allow a local user to perform a privilege escalation. This vulnerability was resolved by updating to an InstallShield version with the underlying vulner...
Hcltech Bigfix Platform
4.6
CVSSv2
CVE-2021-27767
The BigFix Console installer is created with InstallShield, which was affected by CVE-2021-41526, a vulnerability that could allow a local user to perform a privilege escalation. This vulnerability was resolved by updating to an InstallShield version with the underlying vulnerabi...
Hcltech Bigfix Platform
NA
CVE-2023-37536
An integer overflow in xerces-c++ 3.2.3 in BigFix Platform allows remote malicious users to cause out-of-bound access via HTTP request.
Hcltech Bigfix Platform
Apache Xerces-c++ 3.2.3
Fedoraproject Fedora 37