Vulmon
bigfix vulnerabilities and exploits
9.8
CVSSv3
CVE-2023-37522
HCL BigFix Bare OSD Metal Server WebUI version 311.19 or lower has missing or insecure tags that could allow a malicious user to execute a malicious script on the user's browser.
Hcltechsw Bigfix Bare Osd Metal Server Webui
6.1
CVSSv3
CVE-2023-37520
Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability identified in BigFix Server version 9.5.12.68, allowing for potential data exfiltration. This XSS vulnerability is in the Gather Status Report, which is served by the BigFix Relay.
Hcltech Bigfix Platform
Hcltech Bigfix Platform 11.0.0
6.1
CVSSv3
CVE-2023-37519
Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability. This XSS vulnerability is in the Download Status Report, which is served by the BigFix Server.
Hcltech Bigfix Platform
Hcltech Bigfix Platform 11.0.0
4.8
CVSSv3
CVE-2023-28025
Due to this vulnerability, the Master operator could potentially incorporate an SVG tag into HTML, leading to an alert pop-up displaying a cookie. To mitigate stored XSS vulnerabilities, a preventive measure involves thoroughly sanitizing and validating all user inputs before the...
Hcltech Bigfix Modern Client Management
8.8
CVSSv3
CVE-2023-37536
An integer overflow in xerces-c++ 3.2.3 in BigFix Platform allows remote malicious users to cause out-of-bound access via HTTP request.
Hcltech Bigfix Platform
Apache Xerces-c++ 3.2.3
Fedoraproject Fedora 37
8.2
CVSSv3
CVE-2022-44757
BigFix Insights for Vulnerability Remediation (IVR) uses weak cryptography that can lead to credential exposure. An attacker could gain access to sensitive information, modify data in unexpected ways, etc.
Hcltech Bigfix Insights For Vulnerability Remediation
5.3
CVSSv3
CVE-2022-44758
BigFix Insights/IVR fixlet uses improper credential handling within certain fixlet content. An attacker can gain access to information that is not explicitly authorized.
Hcltech Bigfix Insights For Vulnerability Remediation
4.4
CVSSv3
CVE-2022-42451
Certain credentials within the BigFix Patch Management Download Plug-ins are stored insecurely and could be exposed to a local privileged user.
Hcltech Bigfix Patch Management
8.8
CVSSv3
CVE-2023-28012
HCL BigFix Mobile is vulnerable to a command injection attack. An authenticated attacker could run arbitrary shell commands on the WebUI server.
Hcltech Bigfix Mobile 3.0
5.4
CVSSv3
CVE-2023-28014
HCL BigFix Mobile is vulnerable to a cross-site scripting attack. An authenticated attacker could inject malicious scripts into the application.
Hcltech Bigfix Mobile 3.0