33 matches found
CVE-2021-27765
The CVE-2021-27765 entry relates to BigFix components packaged with InstallShield. Concrete details from connected documents show that BigFix Server API installer (and related BigFix Console/Client installers) use InstallShield and are affected by CVE-2021-41526, which involves InstallScript acti...
CVE-2023-37536
CVE-2023-37536 : Xeroxes-c++ 3.2.3 in BigFix Platform is affected by an integer overflow that enables out-of-bounds access via crafted HTTP requests, potentially allowing remote code execution or application crash. Connected sources corroborate a vulnerable BigFix component and cite the overflow ...
CVE-2021-27767
CVE-2021-27767 stems from the BigFix Console installer built with InstallShield, which is linked to CVE-2021-41526 (InstallScript-based privilege escalation). The connected sources note that InstallShield-related flaws can enable local privilege escalation and, in some reports (CWE-427), may allo...
CVE-2021-27766
CVE-2021-27766 and CVE-2021-27767 relate to the installers used by HCL BigFix: the BigFix Client and Console installers, both built with InstallShield. Connected sources corroborate that the underlying issue is the InstallShield/InstallScript vulnerability CVE-2021-41526, which can allow local pr...
CVE-2022-27544
CVE-2022-27544 affects HCL BigFix Platform (Web Reports): an information disclosure where authorized users can retrieve SMTP credentials in clear text. Root cause is the transfer of SMTP credentials in clear text within Web Reports. Affected product: HCL BigFix Platform/Web Reports. Impact: expos...
CVE-2021-27762
CVE-2021-27762 describes misconfigured security-related HTTP headers resulting in missing or misconfigured headers in web responses. Documented impact per CVSSv3.1 shows a high/severe impact on confidentiality, integrity, and availability (C/H/I/A = HIGH). The root cause is misconfigured/missing ...
CVE-2022-27545
CVE-2022-27545 affects HCL BigFix Platform (BigFix Web Reports). The issue is an HTML injection vulnerability on the email administrative configuration page that could be exploited by an authorized user to inject malicious scripts into a Web page, potentially compromising user sessions (cookie-ba...
CVE-2024-23554
The CVE-2024-23554 entry affects the HCL BigFix Platform and describes a CSRF on a Session Token that could lead to Remote Code Execution (RCE). Affected versions are: prior to 9.5.24, prior to 10.0.11, and prior to 11.0.1. Remediation is to upgrade to 9.5.24 or later, 10.0.11 or later, or 11.0.1...
CVE-2020-4095
BigFix Platform stores credentials in clear text in system memory, enabling a local attacker with privileges to dump memory and extract credentials for pivoting. Affected: BigFix Platform (IBM/HCL), consistent across CVE-2020-4095 sources (NVD/NVD listing, Red Hat advisory, CNVD, PRION/Design-Log...
CVE-2021-27761
The connected records confirm CVE-2021-27761 affects HCL BigFix Platform, describing a weakness in web transport security (Weak TLS) that may allow an attacker to decrypt data. The vulnerability appears tied to the platform’s web transport protections, with no explicit version, component name, or...
CVE-2023-45715
CVE-2023-45715 affects the HCL BigFix Platform console. A vulnerability causes a service interruption (Denial of Service) when the console processes file names that contain invalid characters. The root cause is not explicitly detailed in the provided documents beyond the impact condition. Current...
CVE-2024-23556
CVE-2024-23556 concerns the HCL BigFix Platform and its SSL/TLS renegotiation feature, which can lead to a Denial of Service. Public sources confirm the issue stems from SSL/TLS renegotiation behavior that may exhaust resources or otherwise disrupt service availability. The primary vulnerability ...
CVE-2023-45706
CVE-2023-45706 affects WebReports/HCL BigFix Platform where an administrative user can trigger a Cross Site Scripting (XSS) and/or a Man in the Middle (MITM) attack via SAML configuration. The connected sources corroborate that the issue involves WebReports and SAML configuration enabling XSS/MIT...
CVE-2024-23553
CVE-2024-23553 is an XSS vulnerability in the Web Reports component of HCL BigFix Platform caused by missing a specific HTTP header attribute. Public sources describe it as affecting Web Reports and enabling execution of malicious scripts in the application session or on rendered pages. The provi...
CVE-2024-23583
CVE-2024-23583 affects HCL BigFix Platform, specifically the Windows Client Deploy Tool, with root cause described as insufficiently protected credentials. The vulnerability could allow an attacker to intercept credentials via Task Manager and gain unauthorized access to the Client Deploy Tool on...
CVE-2022-42453
CVE-2022-42453 relates to the HCL BigFix Platform and involves insufficient warnings when a Fixlet is imported by a user. The warning currently assumes the script owner is the logged-in user, and warnings are also insufficient when attempting to run the script. Several connected records (CVE list...
CVE-2023-37519
CVE-2023-37519 is an Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability affecting HCL BigFix Platform/BigFix Server, specifically in the Download Status Report. Connected sources indicate affected product versions include HCL BigFix Platform 10.0–10.0.9 and 9.5–9.5.22. The vulnerabil...
CVE-2023-45705
HCL BigFix Platform (WebReports) is reported to be susceptible to Server Side Request Forgery (SSRF) via SMTP configuration options. The vulnerability is described as an issue where an administrative user can trigger SSRF through SMTP settings. There are no details in the provided documents about...
CVE-2024-30117
CVE-2024-30117 (HCL BigFix Platform) is a DLL hijack vulnerability where a dynamic search for a prerequisite library could allow an attacker to replace the correct file under certain conditions. Connected sources indicate affected versions on BigFix Server: 9.5.x prior to 9.5.25, 10.0.x prior to ...
CVE-2024-42189
CVE-2024-42189 affects HCL BigFix Web Reports. The issue is a Denial of Service caused by potentially weak validation of an API parameter, exploitable over the network with no required privileges and user interaction. The provided documents describe the vulnerability and reference the KB0120585 a...
CVE-2024-42200
CVE-2024-42200 affects HCL BigFix Web Reports, where stored XSS can arise from weak input validation of user-supplied data. The consolidated sources describe the issue as a Stored Cross-Site Scripting vulnerability in the Web Reports component of HCL BigFix, with no detailed exploit path or confi...
CVE-2022-38659
CVE-2022-38659 affects HCL BigFix Platform on Windows, where operator credentials may be encrypted in a way that is not completely machine-dependent. The issue is described across multiple sources as insecure credential storage, with the core problem in credentials encryption/mechanism rather tha...
CVE-2024-42193
CVE-2024-42193 refers to a weakness in SSL certificate validation in the HCL BigFix Web Reports service. The connected Nessus entry (KB0120585) ties this to affected HCL BigFix Server versions: 10.0.x before 10.0.13 and 11.x before 11.0.4, indicating a MITM risk and potential unauthorized access ...
CVE-2020-14248
CVE-2020-14248 concerns IBM BigFix Inventory up to v10.0.2, where a session cookie does not set the secure flag in HTTPS. The underlying issue is that the cookie could be sent over HTTP, potentially allowing remote attackers to capture it. Public documentation in the provided connected sources co...
CVE-2020-14254
CVE-2020-14254 affects HCL BigFix Inventory up to v10.0.2, where TLS-RSA cipher suites are not disabled. The available descriptions state that if TLS 2.0 and secure ciphers are not enabled, an attacker can passively record traffic and later decrypt it. The connected documents corroborate the vuln...
CVE-2023-37527
CVE-2023-37527 describes a reflected cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform . The issue can allow an attacker to execute malicious JavaScript in the application session or database via remote injection while rendering content on a web page. Th...
CVE-2023-37531
The CVE-2023-37531 entry describes a cross-site scripting (XSS) vulnerability in the Web Reports component of the HCL BigFix Platform. The affected component is the Web Reports feature; the root cause is an XSS flaw that could allow a privileged user to inject malicious JavaScript into a form fie...
CVE-2023-37528
CVE-2023-37528 is an XSS vulnerability in the Web Reports component of HCL BigFix Platform. The issue could allow exploitation of an application parameter during execution of the Save Report. The CVE is documented across multiple sources (NVD, Nessus plugin for HCL BigFix Server KB0110209) with r...
CVE-2023-37520
CVE-2023-37520 is an unauthenticated stored XSS affecting HCL BigFix Server 9.5.12.68, located in the Gather Status Report served by the BigFix Relay. The vulnerability could enable data exfiltration. Connected documents confirm the affected product/version and location; exploitation details are ...
CVE-2023-37529
CVE-2023-37529 refers to a cross-site scripting (XSS) vulnerability in the Web Reports component of the HCL BigFix Platform. The affected component could allow an attacker to inject and execute malicious JavaScript in pages used to retrieve cookie information. The provided documents confirm the v...
CVE-2023-37530
CVE-2023-37530 is an XSS vulnerability in the Web Reports component of the HCL BigFix Platform. The affected surface allows an attacker to inject and execute malicious JavaScript in a page used to retrieve cookie-stored information. The primary sources describe this as a cross-site scripting issu...
CVE-2026-21765
CVE-2026-21765 concerns the HCL BigFix Platform, where private cryptographic keys on Windows hosts may have overly permissive file system permissions. The root cause stated is insecure permissions on private keys, potentially exposing confidentiality, integrity, and availability (all scored high)...
CVE-2026-21767
CVE-2026-21767 concerns HCL BigFix Platform. Connected Nessus data specifies that BigFix Server 11.0.x prior to 11.0.6 is affected by an insufficient authentication vulnerability, which may permit access to sensitive areas without proper authentication. The issue is tied to the BigFix Platform’s ...