Lucene search
K
HcltechBigfix Platform

33 matches found

CVE
CVE
added 2022/05/06 6:10 p.m.1497 views

CVE-2021-27765

The CVE-2021-27765 entry relates to BigFix components packaged with InstallShield. Concrete details from connected documents show that BigFix Server API installer (and related BigFix Console/Client installers) use InstallShield and are affected by CVE-2021-41526, which involves InstallScript acti...

7.8CVSS6.6AI score0.00333EPSS
CVE
CVE
added 2023/10/11 6:46 a.m.133 views

CVE-2023-37536

CVE-2023-37536 : Xeroxes-c++ 3.2.3 in BigFix Platform is affected by an integer overflow that enables out-of-bounds access via crafted HTTP requests, potentially allowing remote code execution or application crash. Connected sources corroborate a vulnerable BigFix component and cite the overflow ...

8.8CVSS8.3AI score0.01381EPSS
CVE
CVE
added 2022/05/06 6:10 p.m.92 views

CVE-2021-27767

CVE-2021-27767 stems from the BigFix Console installer built with InstallShield, which is linked to CVE-2021-41526 (InstallScript-based privilege escalation). The connected sources note that InstallShield-related flaws can enable local privilege escalation and, in some reports (CWE-427), may allo...

7.8CVSS6.6AI score0.00187EPSS
CVE
CVE
added 2022/05/06 6:10 p.m.90 views

CVE-2021-27766

CVE-2021-27766 and CVE-2021-27767 relate to the installers used by HCL BigFix: the BigFix Client and Console installers, both built with InstallShield. Connected sources corroborate that the underlying issue is the InstallShield/InstallScript vulnerability CVE-2021-41526, which can allow local pr...

7.8CVSS6.6AI score0.00187EPSS
CVE
CVE
added 2022/07/19 3:40 p.m.90 views

CVE-2022-27544

CVE-2022-27544 affects HCL BigFix Platform (Web Reports): an information disclosure where authorized users can retrieve SMTP credentials in clear text. Root cause is the transfer of SMTP credentials in clear text within Web Reports. Affected product: HCL BigFix Platform/Web Reports. Impact: expos...

6.5CVSS6.1AI score0.00387EPSS
CVE
CVE
added 2022/05/06 6:10 p.m.82 views

CVE-2021-27762

CVE-2021-27762 describes misconfigured security-related HTTP headers resulting in missing or misconfigured headers in web responses. Documented impact per CVSSv3.1 shows a high/severe impact on confidentiality, integrity, and availability (C/H/I/A = HIGH). The root cause is misconfigured/missing ...

9.8CVSS7.1AI score0.00668EPSS
CVE
CVE
added 2022/07/19 3:40 p.m.80 views

CVE-2022-27545

CVE-2022-27545 affects HCL BigFix Platform (BigFix Web Reports). The issue is an HTML injection vulnerability on the email administrative configuration page that could be exploited by an authorized user to inject malicious scripts into a Web page, potentially compromising user sessions (cookie-ba...

5.4CVSS5.7AI score0.00285EPSS
CVE
CVE
added 2024/05/17 11:31 p.m.79 views

CVE-2024-23554

The CVE-2024-23554 entry affects the HCL BigFix Platform and describes a CSRF on a Session Token that could lead to Remote Code Execution (RCE). Affected versions are: prior to 9.5.24, prior to 10.0.11, and prior to 11.0.1. Remediation is to upgrade to 9.5.24 or later, 10.0.11 or later, or 11.0.1...

8.8CVSS7.6AI score0.00271EPSS
CVE
CVE
added 2020/07/16 6:27 p.m.73 views

CVE-2020-4095

BigFix Platform stores credentials in clear text in system memory, enabling a local attacker with privileges to dump memory and extract credentials for pivoting. Affected: BigFix Platform (IBM/HCL), consistent across CVE-2020-4095 sources (NVD/NVD listing, Red Hat advisory, CNVD, PRION/Design-Log...

6CVSS6.2AI score0.00196EPSS
CVE
CVE
added 2022/05/06 6:10 p.m.70 views

CVE-2021-27761

The connected records confirm CVE-2021-27761 affects HCL BigFix Platform, describing a weakness in web transport security (Weak TLS) that may allow an attacker to decrypt data. The vulnerability appears tied to the platform’s web transport protections, with no explicit version, component name, or...

7.5CVSS6.1AI score0.00346EPSS
CVE
CVE
added 2024/03/28 2:26 p.m.70 views

CVE-2023-45715

CVE-2023-45715 affects the HCL BigFix Platform console. A vulnerability causes a service interruption (Denial of Service) when the console processes file names that contain invalid characters. The root cause is not explicitly detailed in the provided documents beyond the impact condition. Current...

4.3CVSS4AI score0.004EPSS
CVE
CVE
added 2024/05/17 11:40 p.m.69 views

CVE-2024-23556

CVE-2024-23556 concerns the HCL BigFix Platform and its SSL/TLS renegotiation feature, which can lead to a Denial of Service. Public sources confirm the issue stems from SSL/TLS renegotiation behavior that may exhaust resources or otherwise disrupt service availability. The primary vulnerability ...

7.5CVSS6.8AI score0.00368EPSS
CVE
CVE
added 2024/03/28 2:19 p.m.66 views

CVE-2023-45706

CVE-2023-45706 affects WebReports/HCL BigFix Platform where an administrative user can trigger a Cross Site Scripting (XSS) and/or a Man in the Middle (MITM) attack via SAML configuration. The connected sources corroborate that the issue involves WebReports and SAML configuration enabling XSS/MIT...

4CVSS3.5AI score0.0026EPSS
CVE
CVE
added 2024/02/02 9:3 p.m.66 views

CVE-2024-23553

CVE-2024-23553 is an XSS vulnerability in the Web Reports component of HCL BigFix Platform caused by missing a specific HTTP header attribute. Public sources describe it as affecting Web Reports and enabling execution of malicious scripts in the application session or on rendered pages. The provi...

5.4CVSS5.2AI score0.00255EPSS
CVE
CVE
added 2022/12/17 7:3 p.m.62 views

CVE-2022-42453

CVE-2022-42453 relates to the HCL BigFix Platform and involves insufficient warnings when a Fixlet is imported by a user. The warning currently assumes the script owner is the logged-in user, and warnings are also insufficient when attempting to run the script. Several connected records (CVE list...

6.9CVSS6.4AI score0.00267EPSS
CVE
CVE
added 2023/12/21 9:44 p.m.62 views

CVE-2023-37519

CVE-2023-37519 is an Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability affecting HCL BigFix Platform/BigFix Server, specifically in the Download Status Report. Connected sources indicate affected product versions include HCL BigFix Platform 10.0–10.0.9 and 9.5–9.5.22. The vulnerabil...

7.7CVSS5.8AI score0.00249EPSS
CVE
CVE
added 2024/03/28 2:11 p.m.62 views

CVE-2023-45705

HCL BigFix Platform (WebReports) is reported to be susceptible to Server Side Request Forgery (SSRF) via SMTP configuration options. The vulnerability is described as an issue where an administrative user can trigger SSRF through SMTP settings. There are no details in the provided documents about...

7.2CVSS4.1AI score0.00371EPSS
CVE
CVE
added 2024/05/17 11:6 p.m.62 views

CVE-2024-23583

CVE-2024-23583 affects HCL BigFix Platform, specifically the Windows Client Deploy Tool, with root cause described as insufficiently protected credentials. The vulnerability could allow an attacker to intercept credentials via Task Manager and gain unauthorized access to the Client Deploy Tool on...

6.7CVSS6.8AI score0.00157EPSS
CVE
CVE
added 2024/10/14 10:55 p.m.61 views

CVE-2024-30117

CVE-2024-30117 (HCL BigFix Platform) is a DLL hijack vulnerability where a dynamic search for a prerequisite library could allow an attacker to replace the correct file under certain conditions. Connected sources indicate affected versions on BigFix Server: 9.5.x prior to 9.5.25, 10.0.x prior to ...

5.3CVSS4.2AI score0.00198EPSS
CVE
CVE
added 2025/04/15 6:7 p.m.58 views

CVE-2024-42189

CVE-2024-42189 affects HCL BigFix Web Reports. The issue is a Denial of Service caused by potentially weak validation of an API parameter, exploitable over the network with no required privileges and user interaction. The provided documents describe the vulnerability and reference the KB0120585 a...

6.5CVSS6.5AI score0.00262EPSS
CVE
CVE
added 2022/12/17 6:44 p.m.57 views

CVE-2022-38659

CVE-2022-38659 affects HCL BigFix Platform on Windows, where operator credentials may be encrypted in a way that is not completely machine-dependent. The issue is described across multiple sources as insecure credential storage, with the core problem in credentials encryption/mechanism rather tha...

7.8CVSS6.7AI score0.00126EPSS
CVE
CVE
added 2025/04/15 6:0 p.m.57 views

CVE-2024-42200

CVE-2024-42200 affects HCL BigFix Web Reports, where stored XSS can arise from weak input validation of user-supplied data. The consolidated sources describe the issue as a Stored Cross-Site Scripting vulnerability in the Web Reports component of HCL BigFix, with no detailed exploit path or confi...

5.4CVSS5.8AI score0.00199EPSS
CVE
CVE
added 2025/04/15 6:16 p.m.55 views

CVE-2024-42193

CVE-2024-42193 refers to a weakness in SSL certificate validation in the HCL BigFix Web Reports service. The connected Nessus entry (KB0120585) ties this to affected HCL BigFix Server versions: 10.0.x before 10.0.13 and 11.x before 11.0.4, indicating a MITM risk and potential unauthorized access ...

8.1CVSS6.3AI score0.00239EPSS
CVE
CVE
added 2020/12/16 2:11 p.m.54 views

CVE-2020-14248

CVE-2020-14248 concerns IBM BigFix Inventory up to v10.0.2, where a session cookie does not set the secure flag in HTTPS. The underlying issue is that the cookie could be sent over HTTP, potentially allowing remote attackers to capture it. Public documentation in the provided connected sources co...

5.3CVSS5.3AI score0.00664EPSS
CVE
CVE
added 2020/12/16 2:7 p.m.48 views

CVE-2020-14254

CVE-2020-14254 affects HCL BigFix Inventory up to v10.0.2, where TLS-RSA cipher suites are not disabled. The available descriptions state that if TLS 2.0 and secure ciphers are not enabled, an attacker can passively record traffic and later decrypt it. The connected documents corroborate the vuln...

7.5CVSS7.4AI score0.0064EPSS
CVE
CVE
added 2024/02/02 6:10 p.m.48 views

CVE-2023-37527

CVE-2023-37527 describes a reflected cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform . The issue can allow an attacker to execute malicious JavaScript in the application session or database via remote injection while rendering content on a web page. Th...

6.1CVSS6AI score0.00356EPSS
CVE
CVE
added 2024/02/03 5:27 a.m.45 views

CVE-2023-37528

CVE-2023-37528 is an XSS vulnerability in the Web Reports component of HCL BigFix Platform. The issue could allow exploitation of an application parameter during execution of the Save Report. The CVE is documented across multiple sources (NVD, Nessus plugin for HCL BigFix Server KB0110209) with r...

6.5CVSS6.1AI score0.00337EPSS
CVE
CVE
added 2024/02/02 8:7 p.m.45 views

CVE-2023-37531

The CVE-2023-37531 entry describes a cross-site scripting (XSS) vulnerability in the Web Reports component of the HCL BigFix Platform. The affected component is the Web Reports feature; the root cause is an XSS flaw that could allow a privileged user to inject malicious JavaScript into a form fie...

4.8CVSS4AI score0.00359EPSS
CVE
CVE
added 2023/12/21 10:13 p.m.43 views

CVE-2023-37520

CVE-2023-37520 is an unauthenticated stored XSS affecting HCL BigFix Server 9.5.12.68, located in the Gather Status Report served by the BigFix Relay. The vulnerability could enable data exfiltration. Connected documents confirm the affected product/version and location; exploitation details are ...

7.7CVSS5.9AI score0.00249EPSS
CVE
CVE
added 2024/02/02 7:45 p.m.43 views

CVE-2023-37529

CVE-2023-37529 refers to a cross-site scripting (XSS) vulnerability in the Web Reports component of the HCL BigFix Platform. The affected component could allow an attacker to inject and execute malicious JavaScript in pages used to retrieve cookie information. The provided documents confirm the v...

5.4CVSS3.7AI score0.00335EPSS
CVE
CVE
added 2024/02/02 8:2 p.m.32 views

CVE-2023-37530

CVE-2023-37530 is an XSS vulnerability in the Web Reports component of the HCL BigFix Platform. The affected surface allows an attacker to inject and execute malicious JavaScript in a page used to retrieve cookie-stored information. The primary sources describe this as a cross-site scripting issu...

5.4CVSS3.7AI score0.00335EPSS
CVE
CVE
added 2026/04/01 11:36 p.m.14 views

CVE-2026-21765

CVE-2026-21765 concerns the HCL BigFix Platform, where private cryptographic keys on Windows hosts may have overly permissive file system permissions. The root cause stated is insecure permissions on private keys, potentially exposing confidentiality, integrity, and availability (all scored high)...

8.8CVSS5.9AI score0.00101EPSS
CVE
CVE
added 2026/04/01 11:47 p.m.10 views

CVE-2026-21767

CVE-2026-21767 concerns HCL BigFix Platform. Connected Nessus data specifies that BigFix Server 11.0.x prior to 11.0.6 is affected by an insufficient authentication vulnerability, which may permit access to sensitive areas without proper authentication. The issue is tied to the BigFix Platform’s ...

4CVSS5.9AI score0.00114EPSS