Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
bigfix vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-23540
The HCL BigFix Inventory server is vulnerable to path traversal which enables an malicious user to read internal application files from the Inventory server. The BigFix Inventory server does not properly restrict the served static file.
NA
CVE-2023-37529
A cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an malicious user to execute malicious javascript code into a webpage trying to retrieve cookie stored information. This is not the same vulnerability as identified i...
NA
CVE-2023-37530
A cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an malicious user to execute malicious javascript code into a webpage trying to retrieve cookie stored information.
NA
CVE-2023-37531
A cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an malicious user to execute malicious javascript code into a form field of a webpage by a user with privileged access.
NA
CVE-2023-37528
A cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attack to exploit an application parameter during execution of the Save Report.
Hcltech Bigfix Platform 11.0.0
Hcltech Bigfix Platform
NA
CVE-2024-23553
A cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform exists due to missing a specific http header attribute.
Hcltech Bigfix Platform 11.0.0
Hcltech Bigfix Platform
NA
CVE-2023-37527
A reflected cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an malicious user to execute malicious javascript code in the application session or in database, via remote injection, while rendering content in a web pag...
Hcltech Bigfix Platform 11.0.0
Hcltech Bigfix Platform
NA
CVE-2023-37518
HCL BigFix ServiceNow is vulnerable to arbitrary code injection. A malicious authorized attacker could inject arbitrary code and execute within the context of the running user.
Hcltech Bigfix Servicenow Data Flow
NA
CVE-2023-37523
Missing or insecure tags in the HCL BigFix Bare OSD Metal Server WebUI version 311.19 or lower could allow an malicious user to execute a malicious script on the user's browser.
Hcltechsw Bigfix Bare Osd Metal Server Webui
NA
CVE-2023-37521
HCL BigFix Bare OSD Metal Server WebUI version 311.19 or lower can sometimes include sensitive information in a query string which could allow an malicious user to execute a malicious attack.
Hcltechsw Bigfix Bare Osd Metal Server Webui
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »