CVE-2021-27782 – HCL BigFix Mobile / Modern Client Management Server passwords are susceptible to a brute-force attack
https://notcve.org/view.php?id=CVE-2021-27782
HCL BigFix Mobile / Modern Client Management Admin and Config UI passwords can be brute-forced. Users should be locked out after multiple invalid attempts. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0102477 • CWE-307: Improper Restriction of Excessive Authentication Attempts
CVE-2021-27781 – HCL BigFix Mobile / Modern Client Management is vulnerable to stored cross-site scripting
https://notcve.org/view.php?id=CVE-2021-27781
The Master operator may be able to embed a script tag in HTML, with an alert pop-up displaying the cookie. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0098028 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-27780 – HCL BigFix Mobile / Modern Client Management is vulnerable to unauthenticated XML interaction
https://notcve.org/view.php?id=CVE-2021-27780
The software may be vulnerable to both unauthenticated XML interaction and unauthenticated device enrollment. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0098028 • CWE-112: Missing XML Validation
CVE-2021-27783 – HCL BigFix Mobile / Modern Client Management is vulnerable to sensitive information exposure
https://notcve.org/view.php?id=CVE-2021-27783
A user-generated PPKG file for Bulk Enroll may expose unencrypted sensitive information. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0098586 • CWE-311: Missing Encryption of Sensitive Data