CVE-2023-28012 – HCL BigFix Mobile can be affected by a command injection vulnerability
https://notcve.org/view.php?id=CVE-2023-28012
HCL BigFix Mobile is vulnerable to a command injection attack. An authenticated attacker could run arbitrary shell commands on the WebUI server. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0106372 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2023-28013 – HCL Verse is susceptible to a Reflected Cross-Site Scripting (XSS) Vulnerability
https://notcve.org/view.php?id=CVE-2023-28013
HCL Verse is susceptible to a Reflected Cross Site Scripting (XSS) vulnerability. By tricking a user into entering crafted markup, a remote, unauthenticated attacker could execute script in a victim's web browser to perform operations as the victim and/or steal the victim's cookies, session tokens, or other sensitive information. HCL BigFix Mobile is vulnerable to Cross-Site Scripting (XSS) attacks. An authenticated attacker could inject malicious scripts into the application. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0105905 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-28023 – HCL BigFix WebUI Software Distribution is affected by a cross site server request forgery vulnerability
https://notcve.org/view.php?id=CVE-2023-28023
A cross site request forgery vulnerability in the BigFix WebUI Software Distribution interface site version 44 and before allows an NMO attacker to access files on server side systems (server machine and all the ones in its network). • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0106123 • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2023-28021 – BigFix WebUI is vulnerable to use of a risky cryptographic algorithm
https://notcve.org/view.php?id=CVE-2023-28021
The BigFix WebUI uses weak cipher suites. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0106123 • CWE-326: Inadequate Encryption Strength
CVE-2023-28020 – URL redirection affects BigFix WebUI
https://notcve.org/view.php?id=CVE-2023-28020
URL redirection in the login page in HCL BigFix WebUI allows a malicious user to redirect the client browser to an external site via the redirect URL response header. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0106123 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect')