6 matches found
CVE-2021-27783
CVE-2021-27783 concerns HCL Technologies BigFix Mobile/Modern Client Management (versions v2.0 and v2.1). Affected component: PPKG files generated during user Bulk Enroll. Root cause: unencrypted sensitive information exposed within these PPKG files. Impact: information disclosure, enabling expos...
CVE-2023-28025
CVE-2023-28025 affects HCL Technologies BigFix Mobile / Modern Client Management (including v3.1 and prior per multiple sources). The issue is a stored XSS via the ability to inject an SVG tag into HTML, resulting in an alert cookie pop-up. Root cause is improper input handling that allows SVG ma...
CVE-2025-0276
CVE-2025-0276 affects HCL BigFix Modern Client Management (MCM)
CVE-2025-0274
The CVE-2025-0274 entry concerns HCL BigFix Modern Client Management (MCM) with versions 3.3 and earlier. The root cause is improper access control that could permit unauthorized users to access a small subset of endpoint actions, potentially exposing internal functions. The affected product is d...
CVE-2025-0275
HCL BigFix Mobile 3.3 and earlier are affected by improper access control. Multiple connected sources confirm that unauthorized users could access a small subset of endpoint actions, potentially exposing internal functions. The issue is described consistently across Red Hat, NVD, CVE lists, and r...
CVE-2025-0277
CVE-2025-0277 affects HCL BigFix Mobile 3.3 and earlier. The issue arises from insecure directives in the Content Security Policy (CSP) , enabling an attacker to trick users into performing actions by insufficiently restricting sources of scripts and other content. What is vulnerable: CSP configu...