Lucene search
K
HcltechBigfix Compliance

9 matches found

CVE
CVE
added 2022/03/04 9:18 p.m.87 views

CVE-2021-27756

Affected software: HCL BigFix Compliance (up to v2.0.5). Vulnerability: TLS-RSA cipher suites are not disabled, enabling an attacker to passively record traffic and potentially decrypt it if TLS 2.0 and secure ciphers are not enabled. Impact: Confidentiality of communications could be compromised...

7.5CVSS7.4AI score0.00557EPSS
CVE
CVE
added 2025/05/05 7:0 p.m.66 views

CVE-2024-42213

CVE-2024-42213 affects HCL BigFix Compliance. The issue is the inclusion of temporary files left in production, which could be exposed via indexing, predictable URLs, or misconfigured permissions, causing information disclosure. CVSSv3.1 base score is 5.3 (Medium); attack vector: network; impact ...

5.3CVSS5.2AI score0.00252EPSS
CVE
CVE
added 2025/05/05 6:40 p.m.61 views

CVE-2024-42212

CVE-2024-42212 affects HCL BigFix Compliance due to an improper or missing SameSite attribute, enabling Cross-Site Request Forgery (CSRF) via authenticated sessions. The primary sources consistently describe the issue as a CSRF risk stemming from SameSite misconfiguration; the CVSS 3.1 base metri...

5.4CVSS5.4AI score0.00201EPSS
CVE
CVE
added 2024/11/07 8:36 a.m.58 views

CVE-2024-30141

HCL BigFix Compliance is affected by CVE-2024-30141, where error messages can disclose sensitive information about the environment, users, or data. The issue is described as: generation of detailed/enticing error messages leading to information disclosure. The CVSS details indicate a network-atta...

4.7CVSS4.6AI score0.00304EPSS
CVE
CVE
added 2024/11/07 8:17 a.m.55 views

CVE-2024-30140

CVE-2024-30140 affects HCL BigFix Compliance. Unvalidated redirects and forwards allow an attacker to manipulate the HOST header, potentially poisoning the web cache and serving altered content to users. Public details: CVSS v3.1 base score 5.4 (NETWORK, LOW attack complexity, privileges required...

5.4CVSS5.4AI score0.00227EPSS
CVE
CVE
added 2024/11/07 8:58 a.m.52 views

CVE-2024-30142

HCL BigFix Compliance is affected by a missing secure flag on a cookie, enabling cookie theft via XSS and potentially unauthorized access or cookies transmitted over unencrypted channels. The CVE refers to vulnerability in product HCL BigFix Compliance (reported as 2024-30142) and is corroborated...

3.8CVSS4.1AI score0.00103EPSS
CVE
CVE
added 2024/07/18 5:59 p.m.40 views

CVE-2024-30125

CVE-2024-30125 affects HCL BigFix Compliance server. The issue is described as the server returning HTTP 500, potentially causing the server process to die. The CVSS 3.1 base score is 6.2 (Medium): Local attack vector, no user interaction, with Confidentiality Low, Integrity High, Availability Lo...

6.2CVSS6.3AI score0.00134EPSS
CVE
CVE
added 2024/07/18 7:17 p.m.32 views

CVE-2024-30126

CVE-2024-30126 affects HCL BigFix Compliance due to a missing X-Frame-Options HTTP header. The issue enables an attacker to host the target site in a frame/iframe, potentially tricking users into performing actions without their knowledge. Documented impact is limited to framing-related risks; no...

4.7CVSS4.7AI score0.0022EPSS
CVE
CVE
added 2026/01/28 7:58 p.m.15 views

CVE-2023-37525

CVE-2023-37525 affects HCL BigFix Compliance. The connected sources describe a sensitive information disclosure that lets a remote attacker access files under the WEB-INF directory, potentially exposing Java class files and configuration information and leading to unauthorized access to applicati...

5.3CVSS5.9AI score0.00293EPSS