45 matches found
EUVD-2023-31748
Malicious code in bioql PyPI...
EUVD-2023-31744
Malicious code in bioql PyPI...
EUVD-2023-27444
Malicious code in bioql PyPI...
CVE-2023-28021
The BigFix WebUI uses weak cipher suites...
Code injection
The BigFix WebUI uses weak cipher suites...
CVE-2023-28023
The CVE-2023-28023 issue affects the BigFix WebUI Software Distribution interface (versions prior to 44). A cross-site request forgery allows an attacker to access files on server-side systems (server machine and networked hosts). The PT Security advisory for BigFix WebUI recommends upgrading to ...
CVE-2023-28021 BigFix WebUI is vulnerable to use of a risky cryptographic algorithm
The BigFix WebUI uses weak cipher suites...
CVE-2023-28020 URL redirection affects BigFix WebUI
URL redirection in Login page in HCL BigFix WebUI allows malicious user to redirect the client browser to an external site via redirect URL response header...
CVE-2023-28019 An SQL injection affects BigFix WebUI API
Insufficient validation in Bigfix WebUI API App site version 14 allows an authenticated WebUI user to issue SQL queries via an unparameterized SQL query...
CVE-2023-28019 An SQL injection affects BigFix WebUI API
Insufficient validation in Bigfix WebUI API App site version 14 allows an authenticated WebUI user to issue SQL queries via an unparameterized SQL query...
PT-2023-21486 · Hcl · Hcl Bigfix Webui
Name of the Vulnerable Software and Affected Versions: HCL BigFix WebUI affected versions not specified Description: The issue allows a malicious user to redirect the client browser to an external site via a redirect URL response header in the login page. Recommendations: At the moment, there is ...
PT-2023-21487 · Ibm · Bigfix Webui
Name of the Vulnerable Software and Affected Versions: BigFix WebUI affected versions not specified Description: The issue concerns the use of weak cipher suites by the BigFix WebUI. Recommendations: At the moment, there is no information about a newer version that contains a fix for this...
PT-2023-21489 · Ibm · Bigfix Webui
Name of the Vulnerable Software and Affected Versions: BigFix WebUI Software Distribution interface site versions prior to 44 Description: A cross-site request forgery issue in the BigFix WebUI Software Distribution interface site allows an NMO attacker to access files on server-side systems,...
PT-2023-21484 · Ibm · Bigfix Webui Api App
Name of the Vulnerable Software and Affected Versions: Bigfix WebUI API App versions prior to 14 Description: The issue is related to insufficient validation, allowing an authenticated WebUI user to issue SQL queries via an unparameterized SQL query. Recommendations: For versions prior to 14,...
CVE-2023-23344
A permission issue in BigFix WebUI Insights site version 14 allows an authenticated, unprivileged operator to access an administrator page...
Code injection
A permission issue in BigFix WebUI Insights site version 14 allows an authenticated, unprivileged operator to access an administrator page...
CVE-2023-23344 HCL BigFix WebUI Insights is susceptible to a lack of sufficient authorization
A permission issue in BigFix WebUI Insights site version 14 allows an authenticated, unprivileged operator to access an administrator page...
PT-2023-18917 · Ibm · Bigfix Webui Insights
Name of the Vulnerable Software and Affected Versions: BigFix WebUI Insights site version 14 Description: A permission issue allows an authenticated, unprivileged operator to access an administrator page. Recommendations: For BigFix WebUI Insights site version 14, update to a version that fixes t...
CVE-2022-38655
BigFix WebUI non-master operators are missing controls that prevent them from being able to modify the relevance of fixlets or to deploy fixlets from the BES Support external site...
Xxe
BigFix WebUI non-master operators are missing controls that prevent them from being able to modify the relevance of fixlets or to deploy fixlets from the BES Support external site...