Bigfix Platform Security Vulnerabilities - 2020

CVE-2020-14248

BigFix Inventory up to v10.0.2 does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.

5.3 CVSS

5.3 AI Score

0.002 EPSS

2020-12-16 03:15 PM

CVE-2020-14254

TLS-RSA cipher suites are not disabled in HCL BigFix Inventory up to v10.0.2. If TLS 2.0 and secure ciphers are not enabled then an attacker can passively record traffic and later decrypt it.

7.5 CVSS

7.4 AI Score

0.002 EPSS

2020-12-16 03:15 PM

CVE-2020-4095

"BigFix Platform is storing clear text credentials within the system's memory. An attacker who is able to gain administrative privileges can use a program to create a memory dump and extract the credentials. These credentials can be used to pivot further into the environment. The principle of least...

6 CVSS

6.2 AI Score

0.0004 EPSS

2020-07-16 07:15 PM