Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
bigfix vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-42453
There are insufficient warnings when a Fixlet is imported by a user. The warning message currently assumes the owner of the script is the logged in user, with insufficient warnings when attempting to run the script.
Hcltech Bigfix Platform
3.5
CVSSv2
CVE-2019-4011
IBM BigFix Platform 9.2 and 9.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID:...
Ibm Bigfix Platform
9
CVSSv2
CVE-2019-4013
IBM BigFix Platform 9.5 could allow any authenticated user to upload any file to any location on the server with root privileges. This results in code execution on underlying system with root privileges. IBM X-Force ID: 155887.
Ibm Bigfix Platform
1 EDB exploit
4
CVSSv2
CVE-2019-4058
IBM BigFix Platform 9.2 and 9.5 could allow a low-privilege user to manipulate the UI into exposing interface elements and information normally restricted to administrators. IBM X-Force ID: 156570.
Ibm Bigfix Platform
5
CVSSv2
CVE-2019-4061
IBM BigFix Platform 9.2 and 9.5 could allow an malicious user to query the relay remotely and gather information about the updates and fixlets deployed to the associated sites due to not enabling authenticated access. IBM X-Force ID: 156869.
Ibm Bigfix Platform
4.3
CVSSv2
CVE-2018-1473
IBM BigFix Platform 9.2 and 9.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID:...
Ibm Bigfix Platform
4.3
CVSSv2
CVE-2018-1474
IBM BigFix Platform 9.2.0 up to and including 9.2.14 and 9.5 up to and including 9.5.9 is vulnerable to HTTP response splitting attacks, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject arbitrary HTTP headers and c...
Ibm Bigfix Platform
4.3
CVSSv2
CVE-2021-27759
This vulnerability arises because the application allows the user to perform some sensitive action without verifying that the request was sent intentionally. An attacker can cause a victim's browser to emit an HTTP request to an arbitrary URL in the application.
Hcltech Bigfix Inventory
5
CVSSv2
CVE-2021-27761
Weak web transport security (Weak TLS): An attacker may be able to decrypt the data using attacks
Hcltech Bigfix Platform
7.5
CVSSv2
CVE-2021-27762
Misconfigured security-related HTTP headers: Several security-related headers were missing or mis-configured on the web responses
Hcltech Bigfix Platform
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23316
SQL injection
type confusion
CVE-2024-20697
CVE-2024-4344
local
CVE-2024-30043
CVE-2024-3821
CVE-2024-5041
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »