Lucene search
K
HcltechBigfix Webui

7 matches found

CVE
CVE
added 2023/07/18 5:57 p.m.2490 views

CVE-2023-28019

CVE-2023-28019 concerns the Bigfix WebUI API App. The issue is described as insufficient validation in the WebUI API, affecting versions prior to 14, enabling an authenticated WebUI user to issue SQL queries via an unparameterized SQL query. The root cause is unparameterized queries/insufficient ...

8.8CVSS6.4AI score0.00386EPSS
CVE
CVE
added 2022/05/06 6:10 p.m.85 views

CVE-2021-27764

CVE-2021-27764 affects HCL BigFix Platform WebUI where a NUMBER cookie is set without Secure or HTTPOnly flags. The available connected documents confirm the issue is a missing HTTPOnly flag in cookies used by WebUI, leading to potential cookie exposure. No exploitation details or affected versio...

7.4CVSS6.7AI score0.00517EPSS
CVE
CVE
added 2022/12/20 4:51 a.m.65 views

CVE-2022-38655

CVE-2022-38655 concerns the HCL BigFix WebUI where non-master operators lack proper permission checks. Connected sources indicate that these operators can modify the relevance of fixlets or deploy fixlets from the BES Support external site, due to a missing-permission-control vulnerability in the...

6.4CVSS5.8AI score0.00384EPSS
CVE
CVE
added 2023/07/18 6:55 p.m.51 views

CVE-2023-28021

CVE-2023-28021 concerns HCL BigFix WebUI and the use of weak cipher suites. The vulnerability is described across multiple feeds as a crypto-related weakness affecting the WebUI, with confidentiality impact; no explicit exploitation details or affected version ranges are provided in the supplied ...

7.5CVSS6.3AI score0.00252EPSS
CVE
CVE
added 2020/07/17 8:46 p.m.47 views

CVE-2020-4104

CVE-2020-4104 affects HCL BigFix WebUI (Apps->Software module). The vulnerability is a stored XSS flaw caused by lack of proper validation of client data in the web application, allowing an attacker to deliver malicious scripts to authenticated users and execute client-side code. Impact is des...

5.4CVSS5AI score0.00521EPSS
CVE
CVE
added 2023/07/18 6:9 p.m.40 views

CVE-2023-28020

CVE-2023-28020 concerns a URL redirection in the login page of HCL BigFix WebUI that allows a malicious user to redirect a client browser to an external site via a redirect URL response header. The connected PT-2023-21486 entry explicitly notes the vulnerable software is HCL BigFix WebUI and desc...

6.1CVSS5.1AI score0.00318EPSS
CVE
CVE
added 2023/07/18 7:7 p.m.39 views

CVE-2023-28023

The CVE-2023-28023 issue affects the BigFix WebUI Software Distribution interface (versions prior to 44). A cross-site request forgery allows an attacker to access files on server-side systems (server machine and networked hosts). The PT Security advisory for BigFix WebUI recommends upgrading to ...

6.5CVSS5.4AI score0.00143EPSS