3 matches found
CVE-2023-23344
CVE-2023-23344 affects HCL BigFix WebUI Insights, specifically site version 14. A permission issue allows an authenticated, unprivileged operator to access an administrator page. The security concerns are documented across multiple sources (NVD/NVD-enriched, CVE listings, and PT Security) and con...
CVE-2025-15633
The CVE describes an improper authorization flaw in HCL BigFix WebUI. An authenticated user lacking Master Operator privileges can access internal data (site names, versions, configuration variables) via unprotected endpoints that do not enforce security headers. This indicates a privilege check ...
CVE-2025-15634
CVE-2025-15634: In HCL BigFix WebUI, a missing authorization flaw lets an authenticated user with LOW privileges view sensitive environmental information via direct URL access to an unauthorized page. Impact: confidentiality (environmental data) exposed; attack vector: network; complexity: low; r...