CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-27767 – HCL BigFix Platform Console is affected by a Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-27767
06 May 2022 — The BigFix Console installer is created with InstallShield, which was affected by CVE-2021-41526, a vulnerability that could allow a local user to perform a privilege escalation. This vulnerability was resolved by updating to an InstallShield version with the underlying vulnerability fixed. El instalador de BigFix Console se crea con InstallShield, que estaba afectado por CVE-2021-41526, una vulnerabilidad que podría permitir a un usuario local llevar a cabo una escalada de privilegios. Esta vulnerabilidad ... • https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2022/MNDT-2022-0025/MNDT-2022-0025.md • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-27766 – HCL BigFix Platform Client is affected by a Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-27766
06 May 2022 — The BigFix Client installer is created with InstallShield, which was affected by CVE-2021-41526, a vulnerability that could allow a local user to perform a privilege escalation. This vulnerability was resolved by updating to an InstallShield version with the underlying vulnerability fixed. El instalador de BigFix Client es creado con InstallShield, que estaba afectado por CVE-2021-41526, una vulnerabilidad que podía permitir a un usuario local llevar a cabo una elevación de privilegios. Esta vulnerabilidad ... • https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2022/MNDT-2022-0024/MNDT-2022-0024.md • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2021-27765 – HCL BigFix Platform Server API is affected by Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-27765
06 May 2022 — The BigFix Server API installer is created with InstallShield, which was affected by CVE-2021-41526, a vulnerability that could allow a local user to perform a privilege escalation. This vulnerability was resolved by updating to an InstallShield version with the underlying vulnerability fixed. El instalador de la API de BigFix Server es creado con InstallShield, que estaba afectado por CVE-2021-41526, una vulnerabilidad que podía permitir a un usuario local llevar a cabo una elevación de privilegios. Esta v... • https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2022/MNDT-2022-0023/MNDT-2022-0023.md • CWE-269: Improper Privilege Management •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-27762 – HCL BigFix Platform is affected by misconfigured security-related HTTP headers
https://notcve.org/view.php?id=CVE-2021-27762
06 May 2022 — Misconfigured security-related HTTP headers: Several security-related headers were missing or mis-configured on the web responses Unos encabezados HTTP relacionadas con la seguridad configurados inapropiadamente: Varios encabezados relacionados con la seguridad faltaban o estaban configurados inapropiadamente en las respuestas web • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0098116 •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-27761 – HCL BigFix Platform is affected by weak web transport security
https://notcve.org/view.php?id=CVE-2021-27761
06 May 2022 — Weak web transport security (Weak TLS): An attacker may be able to decrypt the data using attacks Una seguridad de transporte web débil (TLS débil): Un atacante puede ser capaz de descifrar los datos usando ataques • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0098116 • CWE-326: Inadequate Encryption Strength •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2020-14248
https://notcve.org/view.php?id=CVE-2020-14248
16 Dec 2020 — BigFix Inventory up to v10.0.2 does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie. BigFix Inventory versiones hasta v10.0.2, no establece el indicador de seguridad para la cookie de sesión en una sesión https, lo que puede causar que la cookie se envíe en peticiones http y facilita a unos atacantes remotos capturar esta cookie • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0085735 • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-14254
https://notcve.org/view.php?id=CVE-2020-14254
16 Dec 2020 — TLS-RSA cipher suites are not disabled in HCL BigFix Inventory up to v10.0.2. If TLS 2.0 and secure ciphers are not enabled then an attacker can passively record traffic and later decrypt it. Los conjuntos de cifrado TLS-RSA no están deshabilitados en HCL BigFix Inventory versiones hasta v10.0.2. Si TLS versión 2.0 y los cifrados seguros no están habilitados, un atacante puede registrar el tráfico de forma pasiva y luego descifrarlo • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0085733 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •