Vulmon
bigfix vulnerabilities and exploits
NA
CVE-2024-23540
The HCL BigFix Inventory server is vulnerable to path traversal which enables a malicious user to read internal application files from the Inventory server. The BigFix Inventory server does not properly restrict the served static file.
NA
CVE-2023-37529
A cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow a malicious user to execute malicious JavaScript code into a webpage trying to retrieve cookie stored information. This is not the same vulnerability as identified i...
NA
CVE-2023-37530
A cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow a malicious user to execute malicious JavaScript code into a webpage trying to retrieve cookie stored information.
NA
CVE-2023-37531
A cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow a malicious user to execute malicious JavaScript code into a form field of a webpage by a user with privileged access.
6.1
CVSSv3
CVE-2023-37528
A cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attack to exploit an application parameter during execution of the Save Report.
Hcltech Bigfix Platform 11.0.0
Hcltech Bigfix Platform
5.4
CVSSv3
CVE-2024-23553
A cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform exists due to missing a specific HTTP header attribute.
Hcltech Bigfix Platform 11.0.0
Hcltech Bigfix Platform
6.1
CVSSv3
CVE-2023-37527
A reflected cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow a malicious user to execute malicious JavaScript code in the application session or in database, via remote injection, while rendering content in a web pag...
Hcltech Bigfix Platform 11.0.0
Hcltech Bigfix Platform
8.8
CVSSv3
CVE-2023-37518
HCL BigFix ServiceNow is vulnerable to arbitrary code injection. A malicious authorized attacker could inject arbitrary code and execute within the context of the running user.
Hcltech Bigfix Servicenow Data Flow
9.8
CVSSv3
CVE-2023-37523
Missing or insecure tags in the HCL BigFix Bare OSD Metal Server WebUI version 311.19 or lower could allow a malicious user to execute a malicious script on the user's browser.
Hcltechsw Bigfix Bare Osd Metal Server Webui
5.3
CVSSv3
CVE-2023-37521
HCL BigFix Bare OSD Metal Server WebUI version 311.19 or lower can sometimes include sensitive information in a query string which could allow a malicious user to execute a malicious attack.
Hcltechsw Bigfix Bare Osd Metal Server Webui