9 matches found
CVE-2021-27765
The BigFix Server API installer is created with InstallShield, which was affected by CVE-2021-41526, a vulnerability that could allow a local user to perform a privilege escalation. This vulnerability was resolved by updating to an InstallShield version with the underlying vulnerability fixed.
CVE-2021-27767
The BigFix Console installer is created with InstallShield, which was affected by CVE-2021-41526, a vulnerability that could allow a local user to perform a privilege escalation. This vulnerability was resolved by updating to an InstallShield version with the underlying vulnerability fixed.
CVE-2021-27766
The BigFix Client installer is created with InstallShield, which was affected by CVE-2021-41526, a vulnerability that could allow a local user to perform a privilege escalation. This vulnerability was resolved by updating to an InstallShield version with the underlying vulnerability fixed.
CVE-2021-27762
Misconfigured security-related HTTP headers: Several security-related headers were missing or misconfigured on the web responses.
CVE-2022-27545
BigFix Web Reports authorized users may perform HTML injection for the email administrative configuration page.
CVE-2022-27544
BigFix Web Reports authorized users may see SMTP credentials in clear text.
CVE-2021-27761
Weak web transport security (Weak TLS): An attacker may be able to decrypt the data using attacks
CVE-2022-42453
There are insufficient warnings when a Fixlet is imported by a user. The warning message currently assumes the owner of the script is the logged-in user, with insufficient warnings when attempting to run the script.
CVE-2022-38659
In specific scenarios, on Windows the operator credentials may be encrypted in a manner that is not completely machine-dependent.