Due to this vulnerability, the Master operator could potentially incorporate an SVG tag into HTML, leading to an alert pop-up displaying a cookie. To mitigate stored XSS vulnerabilities, a preventive measure involves thoroughly sanitizing and validating all user inputs before they are processed...
CVSS: 4.8, AI Score: 6.1, EPSS: 0.0004
HCL BigFix Mobile is vulnerable to a command injection attack. An authenticated attacker could run arbitrary shell commands on the WebUI...
CVSS: 8.8, AI Score: 9, EPSS: 0.0005
HCL BigFix Mobile is vulnerable to a cross-site scripting attack. An authenticated attacker could inject malicious scripts into the...
CVSS: 5.4, AI Score: 5.2, EPSS: 0.0004
HCL BigFix Mobile / Modern Client Management Admin and Config UI passwords can be brute-forced. User should be locked out for multiple invalid...
CVSS: 7.5, AI Score: 7.6, EPSS: 0.001
The Master operator may be able to embed a script tag in HTML with an alert pop-up display...
CVSS: 4.8, AI Score: 5, EPSS: 0.001
The software may be vulnerable to both Un-Auth XML interaction and unauthenticated device...
CVSS: 5.3, AI Score: 5.4, EPSS: 0.001
A user-generated PPKG file for Bulk Enroll may have unencrypted sensitive information...
CVSS: 6.5, AI Score: 6.4, EPSS: 0.001
IBM Tivoli Endpoint Manager - Mobile Device Management (MDM) could allow a remote attacker to obtain sensitive information due to a missing HTTP Strict-Transport-Security Header through man in the middle...
CVSS: 3.7, AI Score: 6.1, EPSS: 0.001
IBM Tivoli Endpoint Manager - Mobile Device Management (MDM) stores potentially sensitive information in log files that could be available to a local...
CVSS: 3.3, AI Score: 6, EPSS: 0.0004