13 matches found
CVE-2025-15633
An improper authorization vulnerability in HCL BigFix WebUI allows an authenticated user without Master Operator privileges to access internal data site names, versions, and configuration variables and bypass privilege requirements via unprotected endpoints lacking adequate security headers...
CVE-2025-15633
An improper authorization vulnerability in HCL BigFix WebUI allows an authenticated user without Master Operator privileges to access internal data site names, versions, and configuration variables and bypass privilege requirements via unprotected endpoints lacking adequate security headers...
CVE-2025-15633 HCL BigFix WebUI is affected by an improper authorization vulnerability
An improper authorization vulnerability in HCL BigFix WebUI allows an authenticated user without Master Operator privileges to access internal data site names, versions, and configuration variables and bypass privilege requirements via unprotected endpoints lacking adequate security headers...
CVE-2025-15633
The CVE describes an improper authorization flaw in HCL BigFix WebUI. An authenticated user lacking Master Operator privileges can access internal data (site names, versions, configuration variables) via unprotected endpoints that do not enforce security headers. This indicates a privilege check ...
CVE-2025-15633 HCL BigFix WebUI is affected by an improper authorization vulnerability
An improper authorization vulnerability in HCL BigFix WebUI allows an authenticated user without Master Operator privileges to access internal data site names, versions, and configuration variables and bypass privilege requirements via unprotected endpoints lacking adequate security headers...
PT-2026-39320
Name of the Vulnerable Software and Affected Versions HCL BigFix WebUI affected versions not specified Description An improper authorization issue in HCL BigFix WebUI allows an authenticated user who lacks Master Operator privileges to bypass privilege requirements. This is possible due to...
EUVD-2021-14522
Malware in sbrugna...
CVE-2023-28025
Due to this vulnerability, the Master operator could potentially incorporate an SVG tag into HTML, leading to an alert pop-up displaying a cookie. To mitigate stored XSS vulnerabilities, a preventive measure involves thoroughly sanitizing and validating all user inputs before they are processed a...
CVE-2023-28025 An HTML injection vulnerability can affect HCL BigFix Mobile / Modern Client Management
Due to this vulnerability, the Master operator could potentially incorporate an SVG tag into HTML, leading to an alert pop-up displaying a cookie. To mitigate stored XSS vulnerabilities, a preventive measure involves thoroughly sanitizing and validating all user inputs before they are processed a...
CVE-2021-27781
The Master operator may be able to embed script tag in HTML with alert pop-up display cookie...
CVE-2021-27781
The Master operator may be able to embed script tag in HTML with alert pop-up display cookie...
Code injection
The Master operator may be able to embed script tag in HTML with alert pop-up display cookie...
CVE-2021-27781
CVE-2021-27781 affects HCL Technologies BigFix Mobile/Modern Client Management (1.x and 2.0). The issue is a stored cross-site scripting vulnerability that allows embedding a script tag in HTML to trigger an alert pop-up displaying a cookie. Descriptions across multiple sources label this as a st...