46 matches found
CVE-2023-37525
A sensitive information disclosure in HCL BigFix Compliance allows a remote attacker to access files under the WEB-INF directory, which may contain Java class files and configuration information, leading to unauthorized access to application internals...
CVE-2023-37525
CVE-2023-37525 affects HCL BigFix Compliance. The connected sources describe a sensitive information disclosure that lets a remote attacker access files under the WEB-INF directory, potentially exposing Java class files and configuration information and leading to unauthorized access to applicati...
EUVD-2025-13436
Malicious code in bioql PyPI...
EUVD-2024-28061
Malicious code in bioql PyPI...
EUVD-2024-28078
Malicious code in bioql PyPI...
EUVD-2024-28062
Malicious code in bioql PyPI...
EUVD-2025-13437
Malicious code in bioql PyPI...
EUVD-2024-28077
Malicious code in bioql PyPI...
CVE-2024-42213
HCL BigFix Compliance is affected by inclusion of temporary files left in the production environment. An attacker might gain access to these files by indexing or retrieved via predictable URLs or misconfigured permissions, leading to information disclosure...
CVE-2024-42212
HCL BigFix Compliance is affected by an improper or missing SameSite attribute. This can lead to Cross-Site Request Forgery CSRF attacks, where a malicious site could trick a user's browser into making unintended requests using authenticated sessions...
CVE-2024-42212
HCL BigFix Compliance is affected by an improper or missing SameSite attribute. This can lead to Cross-Site Request Forgery CSRF attacks, where a malicious site could trick a user's browser into making unintended requests using authenticated sessions...
CVE-2024-42212
HCL BigFix Compliance is affected by an improper or missing SameSite attribute. This can lead to Cross-Site Request Forgery CSRF attacks, where a malicious site could trick a user's browser into making unintended requests using authenticated sessions...
CVE-2024-42213 HCL BigFix Compliance is affected by inclusion of temporary files left in the production environment
HCL BigFix Compliance is affected by inclusion of temporary files left in the production environment. An attacker might gain access to these files by indexing or retrieved via predictable URLs or misconfigured permissions, leading to information disclosure...
CVE-2024-42213
CVE-2024-42213 affects HCL BigFix Compliance. The issue is the inclusion of temporary files left in production, which could be exposed via indexing, predictable URLs, or misconfigured permissions, causing information disclosure. CVSSv3.1 base score is 5.3 (Medium); attack vector: network; impact ...
CVE-2024-42213 HCL BigFix Compliance is affected by inclusion of temporary files left in the production environment
HCL BigFix Compliance is affected by inclusion of temporary files left in the production environment. An attacker might gain access to these files by indexing or retrieved via predictable URLs or misconfigured permissions, leading to information disclosure...
CVE-2024-42212 HCL BigFix Compliance is affected by an improper or missing SameSite attribute
HCL BigFix Compliance is affected by an improper or missing SameSite attribute. This can lead to Cross-Site Request Forgery CSRF attacks, where a malicious site could trick a user's browser into making unintended requests using authenticated sessions...
CVE-2024-42212 HCL BigFix Compliance is affected by an improper or missing SameSite attribute
HCL BigFix Compliance is affected by an improper or missing SameSite attribute. This can lead to Cross-Site Request Forgery CSRF attacks, where a malicious site could trick a user's browser into making unintended requests using authenticated sessions...
CVE-2024-42212
CVE-2024-42212 affects HCL BigFix Compliance due to an improper or missing SameSite attribute, enabling Cross-Site Request Forgery (CSRF) via authenticated sessions. The primary sources consistently describe the issue as a CSRF risk stemming from SameSite misconfiguration; the CVSS 3.1 base metri...
HCL BigFix Compliance 安全漏洞
HCL BigFix Compliance is a continuous monitoring and application of endpoint security settings by HCL India to ensure compliance with regulatory or organizational security policies. A security vulnerability exists in HCL BigFix Compliance that stems from missing or improper SameSite attributes,...
PT-2025-19760 · Hcl · Hcl Bigfix Compliance
Name of the Vulnerable Software and Affected Versions: HCL BigFix Compliance affected versions not specified Description: The issue is related to an improper or missing SameSite attribute, which can lead to Cross-Site Request Forgery CSRF attacks. A malicious site could trick a user's browser int...