Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
bigfix vulnerabilities and exploits
(subscribe to this query)
7.8
CVSSv3
CVE-2017-1231
IBM BigFix Platform 9.5 - 9.5.9 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 123910.
Ibm Bigfix Platform
7.8
CVSSv3
CVE-2017-1201
IBM BigFix Compliance Analytics 1.9.79 (TEMA SUAv1 SCA SCM) stores user credentials in clear text which can be read by a local user. IBM X-Force ID: 123676.
Ibm Bigfix Security Compliance Analytics 1.9.79
7.8
CVSSv3
CVE-2016-0214
IBM Tivoli Endpoint Manager could allow a remote malicious user to upload arbitrary files. A remote attacker could exploit this vulnerability to upload a malicious file. The only way that file would be executed would be through a phishing attack to trick an unsuspecting victim to...
Ibm Bigfix Platform 9.0
Ibm Bigfix Platform 9.1
Ibm Bigfix Platform 9.2
Ibm Bigfix Platform 9.5
1 Github repository
7.8
CVSSv3
CVE-2016-2948
IBM BigFix Remote Control prior to 9.1.3 allows local users to discover hardcoded credentials via unspecified vectors.
Ibm Bigfix Remote Control 9.1.2
7.5
CVSSv3
CVE-2023-28021
The BigFix WebUI uses weak cipher suites.
Hcltech Bigfix Webui -
7.5
CVSSv3
CVE-2021-27782
HCL BigFix Mobile / Modern Client Management Admin and Config UI passwords can be brute-forced. User should be locked out for multiple invalid attempts.
Hcltech Bigfix Mobile 2.0
7.5
CVSSv3
CVE-2022-38658
BigFix deployments that have installed the Notification Service on Windows are susceptible to disclosing SMTP BigFix operator's sensitive data in clear text. Operators who use Notification Service related content from BES Support are at risk of leaving their SMTP sensitive d...
Hcltech Bigfix Server Automation
7.5
CVSSv3
CVE-2021-27761
Weak web transport security (Weak TLS): An attacker may be able to decrypt the data using attacks
Hcltech Bigfix Platform
7.5
CVSSv3
CVE-2021-27756
"TLS-RSA cipher suites are not disabled in BigFix Compliance up to v2.0.5. If TLS 2.0 and secure ciphers are not enabled then an attacker can passively record traffic and later decrypt it."
Hcltech Bigfix Compliance
7.5
CVSSv3
CVE-2021-27757
" Insecure password storage issue.The application stores sensitive information in cleartext within a resource that might be accessible to another control sphere.Since the information is stored in cleartext, attackers could potentially read it and gain access to sensitive inf...
Hcltech Bigfix Insights
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895
blind SQL injection
CVE-2024-5064
CVE-2023-52677
CVE-2023-52682
CVE-2024-30051
CVE-2024-35849
remote attackers
remote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »