Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
bigfix platform vulnerabilities and exploits
(subscribe to this query)
445
VMScore
CVE-2018-1481
IBM BigFix Platform 9.2.0 up to and including 9.2.14 and 9.5 up to and including 9.5.9 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM ...
Ibm Bigfix Platform
383
VMScore
CVE-2018-1474
IBM BigFix Platform 9.2.0 up to and including 9.2.14 and 9.5 up to and including 9.5.9 is vulnerable to HTTP response splitting attacks, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject arbitrary HTTP headers and c...
Ibm Bigfix Platform
383
VMScore
CVE-2018-1478
IBM BigFix Platform 9.2.0 up to and including 9.2.14 and 9.5 up to and including 9.5.9 could allow a remote malicious user to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hija...
Ibm Bigfix Platform
445
VMScore
CVE-2018-1480
IBM BigFix Platform 9.2.0 up to and including 9.2.14 and 9.5 up to and including 9.5.9 does not set the 'HttpOnly' attribute on authorization tokens or session cookies. If a Cross-Site Scripting vulnerability also existed attackers may be able to get the cookie values v...
Ibm Bigfix Platform
383
VMScore
CVE-2018-1484
IBM BigFix Platform 9.2.0 up to and including 9.2.14 and 9.5 up to and including 9.5.9 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a si...
Ibm Bigfix Platform
NA
CVE-2022-27545
BigFix Web Reports authorized users may perform HTML injection for the email administrative configuration page.
Hcltech Bigfix Platform
187
VMScore
CVE-2017-1231
IBM BigFix Platform 9.5 - 9.5.9 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 123910.
Ibm Bigfix Platform
445
VMScore
CVE-2020-14248
BigFix Inventory up to v10.0.2 does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote malicious users to capture this cookie.
Hcltech Bigfix Platform
383
VMScore
CVE-2020-14254
TLS-RSA cipher suites are not disabled in HCL BigFix Inventory up to v10.0.2. If TLS 2.0 and secure ciphers are not enabled then an attacker can passively record traffic and later decrypt it.
Hcltech Bigfix Platform
187
VMScore
CVE-2020-4095
"BigFix Platform is storing clear text credentials within the system's memory. An attacker who is able to gain administrative privileges can use a program to create a memory dump and extract the credentials. These credentials can be used to pivot further into the enviro...
Hcltech Bigfix Platform
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »