Lucene search
K
HcltechBigfix Mobile

10 matches found

CVE
CVE
added 2022/05/27 4:15 p.m.96 views

CVE-2021-27780

CVE-2021-27780 affects HCL Technologies BigFix Mobile/Modern Client Management (versions v1.x, v2.0). The root cause is improper handling of XML interfaces in unauthenticated contexts, enabling Un-Auth XML interaction and unauthenticated device enrollment. Impact described in sources includes una...

5.3CVSS5.3AI score0.00701EPSS
CVE
CVE
added 2022/05/27 4:15 p.m.84 views

CVE-2021-27781

CVE-2021-27781 affects HCL Technologies BigFix Mobile/Modern Client Management (1.x and 2.0). The issue is a stored cross-site scripting vulnerability that allows embedding a script tag in HTML to trigger an alert pop-up displaying a cookie. Descriptions across multiple sources label this as a st...

6.6CVSS5.2AI score0.00409EPSS
CVE
CVE
added 2022/05/25 3:20 p.m.77 views

CVE-2021-27783

CVE-2021-27783 concerns HCL Technologies BigFix Mobile/Modern Client Management (versions v2.0 and v2.1). Affected component: PPKG files generated during user Bulk Enroll. Root cause: unencrypted sensitive information exposed within these PPKG files. Impact: information disclosure, enabling expos...

6.8CVSS6.4AI score0.00345EPSS
CVE
CVE
added 2023/07/26 11:31 p.m.57 views

CVE-2023-28014

CVE-2023-28014 affects HCL BigFix Mobile with a cross-site scripting vulnerability. An authenticated attacker could inject malicious scripts into the application. The available materials indicate low/medium impact vectors and that exploitation requires user interaction. No concrete remediation or...

6.6CVSS5.3AI score0.00217EPSS
CVE
CVE
added 2023/07/26 11:12 p.m.55 views

CVE-2023-28012

CVE-2023-28012 affects HCL BigFix Mobile WebUI server. The vulnerability is a command injection flaw where input is not properly filtered, allowing an authenticated attacker to execute arbitrary shell commands on the WebUI server. Reported impact includes high confidentiality, integrity, and avai...

8.8CVSS7.4AI score0.00771EPSS
CVE
CVE
added 2023/01/19 6:54 p.m.53 views

CVE-2021-27782

CVE-2021-27782 affects HCL BigFix Mobile / Modern Client Management Admin and Config UI. The issue allows brute-forcing of passwords in the configuration interfaces, with recommended user lockout after multiple invalid attempts. Connected sources confirm this behavior but do not consistently spec...

7.5CVSS6.5AI score0.00346EPSS
CVE
CVE
added 2025/10/16 8:25 a.m.19 views

CVE-2025-0276

CVE-2025-0276 affects HCL BigFix Modern Client Management (MCM)

6.5CVSS6.4AI score0.00285EPSS
CVE
CVE
added 2025/10/16 4:56 a.m.17 views

CVE-2025-0274

The CVE-2025-0274 entry concerns HCL BigFix Modern Client Management (MCM) with versions 3.3 and earlier. The root cause is improper access control that could permit unauthorized users to access a small subset of endpoint actions, potentially exposing internal functions. The affected product is d...

5.3CVSS6.3AI score0.00245EPSS
CVE
CVE
added 2025/10/16 5:14 a.m.15 views

CVE-2025-0275

HCL BigFix Mobile 3.3 and earlier are affected by improper access control. Multiple connected sources confirm that unauthorized users could access a small subset of endpoint actions, potentially exposing internal functions. The issue is described consistently across Red Hat, NVD, CVE lists, and r...

5.3CVSS6.3AI score0.00245EPSS
CVE
CVE
added 2025/10/16 8:27 a.m.14 views

CVE-2025-0277

CVE-2025-0277 affects HCL BigFix Mobile 3.3 and earlier. The issue arises from insecure directives in the Content Security Policy (CSP) , enabling an attacker to trick users into performing actions by insufficiently restricting sources of scripts and other content. What is vulnerable: CSP configu...

6.5CVSS6.4AI score0.00285EPSS