CVSS: 6.9EPSS: 0%CPEs: 2EXPL: 0CVE-2022-42453 – HCL BigFix Platform is affected by insufficient warnings
https://notcve.org/view.php?id=CVE-2022-42453
17 Dec 2022 — There are insufficient warnings when a Fixlet is imported by a user. The warning message currently assumes the owner of the script is the logged in user, with insufficient warnings when attempting to run the script. No hay advertencias suficientes cuando un usuario importa un Fixlet. El mensaje de advertencia actualmente supone que el propietario del script es el usuario que inició sesión, con advertencias insuficientes al intentar ejecutar el script. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0102049 • CWE-287: Improper Authentication •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-38659 – HCL BigFix Platform is affected by insecure credential storage
https://notcve.org/view.php?id=CVE-2022-38659
17 Dec 2022 — In specific scenarios, on Windows the operator credentials may be encrypted in a manner that is not completely machine-dependent. En escenarios específicos, en Windows las credenciales del operador pueden cifrarse de una manera que no dependa completamente de la máquina. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0102049 • CWE-326: Inadequate Encryption Strength •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-27545 – HCL BigFix Web Reports authorized users may perform HTML injection.
https://notcve.org/view.php?id=CVE-2022-27545
19 Jul 2022 — BigFix Web Reports authorized users may perform HTML injection for the email administrative configuration page. Los usuarios autorizados de BigFix Web Reports pueden llevar a cabo una inyección de HTML para la página de configuración administrativa del correo electrónico. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0098998 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-27544 – HCL BigFix Web Reports authorized users may see sensitive information in clear text
https://notcve.org/view.php?id=CVE-2022-27544
19 Jul 2022 — BigFix Web Reports authorized users may see SMTP credentials in clear text. Los usuarios autorizados de BigFix Web Reports pueden visualizar las credenciales SMTP en texto sin cifrar. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0098998 • CWE-522: Insufficiently Protected Credentials •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-27767 – HCL BigFix Platform Console is affected by a Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-27767
06 May 2022 — The BigFix Console installer is created with InstallShield, which was affected by CVE-2021-41526, a vulnerability that could allow a local user to perform a privilege escalation. This vulnerability was resolved by updating to an InstallShield version with the underlying vulnerability fixed. El instalador de BigFix Console se crea con InstallShield, que estaba afectado por CVE-2021-41526, una vulnerabilidad que podría permitir a un usuario local llevar a cabo una escalada de privilegios. Esta vulnerabilidad ... • https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2022/MNDT-2022-0025/MNDT-2022-0025.md • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-27766 – HCL BigFix Platform Client is affected by a Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-27766
06 May 2022 — The BigFix Client installer is created with InstallShield, which was affected by CVE-2021-41526, a vulnerability that could allow a local user to perform a privilege escalation. This vulnerability was resolved by updating to an InstallShield version with the underlying vulnerability fixed. El instalador de BigFix Client es creado con InstallShield, que estaba afectado por CVE-2021-41526, una vulnerabilidad que podía permitir a un usuario local llevar a cabo una elevación de privilegios. Esta vulnerabilidad ... • https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2022/MNDT-2022-0024/MNDT-2022-0024.md • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2021-27765 – HCL BigFix Platform Server API is affected by Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-27765
06 May 2022 — The BigFix Server API installer is created with InstallShield, which was affected by CVE-2021-41526, a vulnerability that could allow a local user to perform a privilege escalation. This vulnerability was resolved by updating to an InstallShield version with the underlying vulnerability fixed. El instalador de la API de BigFix Server es creado con InstallShield, que estaba afectado por CVE-2021-41526, una vulnerabilidad que podía permitir a un usuario local llevar a cabo una elevación de privilegios. Esta v... • https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2022/MNDT-2022-0023/MNDT-2022-0023.md • CWE-269: Improper Privilege Management •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-27762 – HCL BigFix Platform is affected by misconfigured security-related HTTP headers
https://notcve.org/view.php?id=CVE-2021-27762
06 May 2022 — Misconfigured security-related HTTP headers: Several security-related headers were missing or mis-configured on the web responses Unos encabezados HTTP relacionadas con la seguridad configurados inapropiadamente: Varios encabezados relacionados con la seguridad faltaban o estaban configurados inapropiadamente en las respuestas web • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0098116 •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-27761 – HCL BigFix Platform is affected by weak web transport security
https://notcve.org/view.php?id=CVE-2021-27761
06 May 2022 — Weak web transport security (Weak TLS): An attacker may be able to decrypt the data using attacks Una seguridad de transporte web débil (TLS débil): Un atacante puede ser capaz de descifrar los datos usando ataques • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0098116 • CWE-326: Inadequate Encryption Strength •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2020-14248
https://notcve.org/view.php?id=CVE-2020-14248
16 Dec 2020 — BigFix Inventory up to v10.0.2 does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie. BigFix Inventory versiones hasta v10.0.2, no establece el indicador de seguridad para la cookie de sesión en una sesión https, lo que puede causar que la cookie se envíe en peticiones http y facilita a unos atacantes remotos capturar esta cookie • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0085735 • CWE-319: Cleartext Transmission of Sensitive Information •