8 results (0.002 seconds)

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

A cross site request forgery vulnerability in the BigFix WebUI Software Distribution interface site version 44 and before allows an NMO attacker to access files on server side systems (server machine and all the ones in its network). • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0106123 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

The BigFix WebUI uses weak cipher suites. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0106123 • CWE-326: Inadequate Encryption Strength •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

URL redirection in Login page in HCL BigFix WebUI allows malicious user to redirect the client browser to an external site via redirect URL response header. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0106123 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

Insufficient validation in Bigfix WebUI API App site version < 14 allows an authenticated WebUI user to issue SQL queries via an unparameterized SQL query. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0106123 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

A permission issue in BigFix WebUI Insights site version 14 allows an authenticated, unprivileged operator to access an administrator page. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0105705 • CWE-276: Incorrect Default Permissions •