7 matches found
CVE-2025-31963
Improper authentication and missing CSRF protection in the local setup interface component in HCL BigFix IVR version 4.2 allows a local attacker to perform unauthorized configuration changes via unauthenticated administrative configuration requests...
CVE-2025-31962
Insufficient session expiration in the Web UI authentication component in HCL BigFix IVR version 4.2 allows an authenticated attacker to gain prolonged unauthorized access to protected API endpoints due to excessive expiration periods...
CVE-2025-31964
CVE-2025-31964 affects HCL BigFix IVR 4.2. The issue is an improper service binding configuration in internal service components that causes administrative services to be bound to external network interfaces rather than the local authentication interface, potentially impacting service availabilit...
CVE-2025-31963 HCL BigFix IVR is impacted by improper authentication and missing CSRF protection
Improper authentication and missing CSRF protection in the local setup interface component in HCL BigFix IVR version 4.2 allows a local attacker to perform unauthorized configuration changes via unauthenticated administrative configuration requests...
CVE-2025-31963 HCL BigFix IVR is impacted by improper authentication and missing CSRF protection
Improper authentication and missing CSRF protection in the local setup interface component in HCL BigFix IVR version 4.2 allows a local attacker to perform unauthorized configuration changes via unauthenticated administrative configuration requests...
CVE-2025-31962 HCL BigFix IVR is impacted by an insufficient session expiration vulnerability
Insufficient session expiration in the Web UI authentication component in HCL BigFix IVR version 4.2 allows an authenticated attacker to gain prolonged unauthorized access to protected API endpoints due to excessive expiration periods...
HCL BigFix IVR 安全漏洞
HCL BigFix IVR is a vulnerability fixing tool from HCL India. A security vulnerability exists in HCL BigFix IVR version 4.2 that stems from insufficient session expiration of the Web UI authentication component, which could lead to unauthorized access to protected API endpoints...