9 matches found
CVE-2021-27756
Affected software: HCL BigFix Compliance (up to v2.0.5). Vulnerability: TLS-RSA cipher suites are not disabled, enabling an attacker to passively record traffic and potentially decrypt it if TLS 2.0 and secure ciphers are not enabled. Impact: Confidentiality of communications could be compromised...
CVE-2024-42213
CVE-2024-42213 affects HCL BigFix Compliance. The issue is the inclusion of temporary files left in production, which could be exposed via indexing, predictable URLs, or misconfigured permissions, causing information disclosure. CVSSv3.1 base score is 5.3 (Medium); attack vector: network; impact ...
CVE-2024-42212
CVE-2024-42212 affects HCL BigFix Compliance due to an improper or missing SameSite attribute, enabling Cross-Site Request Forgery (CSRF) via authenticated sessions. The primary sources consistently describe the issue as a CSRF risk stemming from SameSite misconfiguration; the CVSS 3.1 base metri...
CVE-2024-30141
HCL BigFix Compliance is affected by CVE-2024-30141, where error messages can disclose sensitive information about the environment, users, or data. The issue is described as: generation of detailed/enticing error messages leading to information disclosure. The CVSS details indicate a network-atta...
CVE-2024-30140
CVE-2024-30140 affects HCL BigFix Compliance. Unvalidated redirects and forwards allow an attacker to manipulate the HOST header, potentially poisoning the web cache and serving altered content to users. Public details: CVSS v3.1 base score 5.4 (NETWORK, LOW attack complexity, privileges required...
CVE-2024-30142
HCL BigFix Compliance is affected by a missing secure flag on a cookie, enabling cookie theft via XSS and potentially unauthorized access or cookies transmitted over unencrypted channels. The CVE refers to vulnerability in product HCL BigFix Compliance (reported as 2024-30142) and is corroborated...
CVE-2024-30125
CVE-2024-30125 affects HCL BigFix Compliance server. The issue is described as the server returning HTTP 500, potentially causing the server process to die. The CVSS 3.1 base score is 6.2 (Medium): Local attack vector, no user interaction, with Confidentiality Low, Integrity High, Availability Lo...
CVE-2024-30126
CVE-2024-30126 affects HCL BigFix Compliance due to a missing X-Frame-Options HTTP header. The issue enables an attacker to host the target site in a frame/iframe, potentially tricking users into performing actions without their knowledge. Documented impact is limited to framing-related risks; no...
CVE-2023-37525
CVE-2023-37525 affects HCL BigFix Compliance. The connected sources describe a sensitive information disclosure that lets a remote attacker access files under the WEB-INF directory, potentially exposing Java class files and configuration information and leading to unauthorized access to applicati...