4 matches found
CVE-2021-27764
Cookie without HTTPONLY flag set. NUMBER cookie(s) was set without Secure or HTTPOnly flags. The images show the cookie with the missing flag. (WebUI)
CVE-2020-4104
HCL BigFix WebUI is vulnerable to stored cross-site scripting (XSS) within the Apps->Software module. An attacker can use XSS to send a malicious script to an unsuspecting user. This affects all versions prior to latest releases as specified in https://support.hcltechsw.com/csm?id=kb_article&sys...
CVE-2023-28021
The BigFix WebUI uses weak cipher suites.
CVE-2023-28020
URL redirection in Login page in HCL BigFix WebUI allows malicious user to redirect the client browser to an external site via redirect URL response header.