10 matches found
CVE-2021-27780
CVE-2021-27780 affects HCL Technologies BigFix Mobile/Modern Client Management (versions v1.x, v2.0). The root cause is improper handling of XML interfaces in unauthenticated contexts, enabling Un-Auth XML interaction and unauthenticated device enrollment. Impact described in sources includes una...
CVE-2021-27781
CVE-2021-27781 affects HCL Technologies BigFix Mobile/Modern Client Management (1.x and 2.0). The issue is a stored cross-site scripting vulnerability that allows embedding a script tag in HTML to trigger an alert pop-up displaying a cookie. Descriptions across multiple sources label this as a st...
CVE-2021-27783
CVE-2021-27783 concerns HCL Technologies BigFix Mobile/Modern Client Management (versions v2.0 and v2.1). Affected component: PPKG files generated during user Bulk Enroll. Root cause: unencrypted sensitive information exposed within these PPKG files. Impact: information disclosure, enabling expos...
CVE-2023-28014
CVE-2023-28014 affects HCL BigFix Mobile with a cross-site scripting vulnerability. An authenticated attacker could inject malicious scripts into the application. The available materials indicate low/medium impact vectors and that exploitation requires user interaction. No concrete remediation or...
CVE-2023-28012
CVE-2023-28012 affects HCL BigFix Mobile WebUI server. The vulnerability is a command injection flaw where input is not properly filtered, allowing an authenticated attacker to execute arbitrary shell commands on the WebUI server. Reported impact includes high confidentiality, integrity, and avai...
CVE-2021-27782
CVE-2021-27782 affects HCL BigFix Mobile / Modern Client Management Admin and Config UI. The issue allows brute-forcing of passwords in the configuration interfaces, with recommended user lockout after multiple invalid attempts. Connected sources confirm this behavior but do not consistently spec...
CVE-2025-0276
CVE-2025-0276 affects HCL BigFix Modern Client Management (MCM)
CVE-2025-0274
The CVE-2025-0274 entry concerns HCL BigFix Modern Client Management (MCM) with versions 3.3 and earlier. The root cause is improper access control that could permit unauthorized users to access a small subset of endpoint actions, potentially exposing internal functions. The affected product is d...
CVE-2025-0275
HCL BigFix Mobile 3.3 and earlier are affected by improper access control. Multiple connected sources confirm that unauthorized users could access a small subset of endpoint actions, potentially exposing internal functions. The issue is described consistently across Red Hat, NVD, CVE lists, and r...
CVE-2025-0277
CVE-2025-0277 affects HCL BigFix Mobile 3.3 and earlier. The issue arises from insecure directives in the Content Security Policy (CSP) , enabling an attacker to trick users into performing actions by insufficiently restricting sources of scripts and other content. What is vulnerable: CSP configu...