Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
bigfix vulnerabilities and exploits
(subscribe to this query)
5.3
CVSSv3
CVE-2018-1480
IBM BigFix Platform 9.2.0 up to and including 9.2.14 and 9.5 up to and including 9.5.9 does not set the 'HttpOnly' attribute on authorization tokens or session cookies. If a Cross-Site Scripting vulnerability also existed attackers may be able to get the cookie values v...
Ibm Bigfix Platform
5.3
CVSSv3
CVE-2018-1481
IBM BigFix Platform 9.2.0 up to and including 9.2.14 and 9.5 up to and including 9.5.9 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM ...
Ibm Bigfix Platform
5.4
CVSSv3
CVE-2022-27545
BigFix Web Reports authorized users may perform HTML injection for the email administrative configuration page.
Hcltech Bigfix Platform
5.3
CVSSv3
CVE-2017-1177
IBM BigFix Compliance 1.7 up to and including 1.9.91 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 123429.
Ibm Bigfix Compliance
5.9
CVSSv3
CVE-2016-8962
IBM BigFix Inventory 9.2 does not require that users should have strong passwords by default, which makes it easier for malicious users to compromise user accounts. IBM X-Force ID: 118851.
Ibm Bigfix Inventory
5.3
CVSSv3
CVE-2020-14248
BigFix Inventory up to v10.0.2 does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote malicious users to capture this cookie.
Hcltech Bigfix Platform
7.5
CVSSv3
CVE-2020-14254
TLS-RSA cipher suites are not disabled in HCL BigFix Inventory up to v10.0.2. If TLS 2.0 and secure ciphers are not enabled then an attacker can passively record traffic and later decrypt it.
Hcltech Bigfix Platform
5.3
CVSSv3
CVE-2017-1198
IBM BigFix Compliance 1.7 up to and including 1.9.91 (TEMA SUAv1 SCA SCM) stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 1...
Ibm Bigfix Compliance
5.9
CVSSv3
CVE-2017-1200
IBM BigFix Compliance 1.7 up to and including 1.9.91 (TEMA SUAv1 SCA SCM) does not validate, or incorrectly validates, a certificate.This weakness might allow an malicious user to spoof a trusted entity by using a man-in-the-middle (MITM) attack. The software might connect to a m...
Ibm Bigfix Compliance
5.4
CVSSv3
CVE-2017-1202
IBM BigFix Compliance 1.7 up to and including 1.9.91 (TEMA SUAv1 SCA SCM) is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IB...
Ibm Bigfix Compliance
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »