CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-27767 – HCL BigFix Platform Console is affected by a Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-27767
06 May 2022 — The BigFix Console installer is created with InstallShield, which was affected by CVE-2021-41526, a vulnerability that could allow a local user to perform a privilege escalation. This vulnerability was resolved by updating to an InstallShield version with the underlying vulnerability fixed. El instalador de BigFix Console se crea con InstallShield, que estaba afectado por CVE-2021-41526, una vulnerabilidad que podría permitir a un usuario local llevar a cabo una escalada de privilegios. Esta vulnerabilidad ... • https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2022/MNDT-2022-0025/MNDT-2022-0025.md • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-27766 – HCL BigFix Platform Client is affected by a Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-27766
06 May 2022 — The BigFix Client installer is created with InstallShield, which was affected by CVE-2021-41526, a vulnerability that could allow a local user to perform a privilege escalation. This vulnerability was resolved by updating to an InstallShield version with the underlying vulnerability fixed. El instalador de BigFix Client es creado con InstallShield, que estaba afectado por CVE-2021-41526, una vulnerabilidad que podía permitir a un usuario local llevar a cabo una elevación de privilegios. Esta vulnerabilidad ... • https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2022/MNDT-2022-0024/MNDT-2022-0024.md • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2021-27765 – HCL BigFix Platform Server API is affected by Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-27765
06 May 2022 — The BigFix Server API installer is created with InstallShield, which was affected by CVE-2021-41526, a vulnerability that could allow a local user to perform a privilege escalation. This vulnerability was resolved by updating to an InstallShield version with the underlying vulnerability fixed. El instalador de la API de BigFix Server es creado con InstallShield, que estaba afectado por CVE-2021-41526, una vulnerabilidad que podía permitir a un usuario local llevar a cabo una elevación de privilegios. Esta v... • https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2022/MNDT-2022-0023/MNDT-2022-0023.md • CWE-269: Improper Privilege Management •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-27762 – HCL BigFix Platform is affected by misconfigured security-related HTTP headers
https://notcve.org/view.php?id=CVE-2021-27762
06 May 2022 — Misconfigured security-related HTTP headers: Several security-related headers were missing or mis-configured on the web responses Unos encabezados HTTP relacionadas con la seguridad configurados inapropiadamente: Varios encabezados relacionados con la seguridad faltaban o estaban configurados inapropiadamente en las respuestas web • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0098116 •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-27761 – HCL BigFix Platform is affected by weak web transport security
https://notcve.org/view.php?id=CVE-2021-27761
06 May 2022 — Weak web transport security (Weak TLS): An attacker may be able to decrypt the data using attacks Una seguridad de transporte web débil (TLS débil): Un atacante puede ser capaz de descifrar los datos usando ataques • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0098116 • CWE-326: Inadequate Encryption Strength •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2020-14248
https://notcve.org/view.php?id=CVE-2020-14248
16 Dec 2020 — BigFix Inventory up to v10.0.2 does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie. BigFix Inventory versiones hasta v10.0.2, no establece el indicador de seguridad para la cookie de sesión en una sesión https, lo que puede causar que la cookie se envíe en peticiones http y facilita a unos atacantes remotos capturar esta cookie • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0085735 • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-14254
https://notcve.org/view.php?id=CVE-2020-14254
16 Dec 2020 — TLS-RSA cipher suites are not disabled in HCL BigFix Inventory up to v10.0.2. If TLS 2.0 and secure ciphers are not enabled then an attacker can passively record traffic and later decrypt it. Los conjuntos de cifrado TLS-RSA no están deshabilitados en HCL BigFix Inventory versiones hasta v10.0.2. Si TLS versión 2.0 y los cifrados seguros no están habilitados, un atacante puede registrar el tráfico de forma pasiva y luego descifrarlo • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0085733 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 6.0EPSS: 0%CPEs: 2EXPL: 0CVE-2020-4095
https://notcve.org/view.php?id=CVE-2020-4095
16 Jul 2020 — "BigFix Platform is storing clear text credentials within the system's memory. An attacker who is able to gain administrative privileges can use a program to create a memory dump and extract the credentials. These credentials can be used to pivot further into the environment. The principle of least privilege should be applied to all BigFix deployments, limiting administrative access." BigFix Platform está almacenando credenciales de texto sin cifrar dentro de la memoria del sistema. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0080772 • CWE-312: Cleartext Storage of Sensitive Information CWE-522: Insufficiently Protected Credentials •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2019-4058
https://notcve.org/view.php?id=CVE-2019-4058
20 May 2019 — IBM BigFix Platform 9.2 and 9.5 could allow a low-privilege user to manipulate the UI into exposing interface elements and information normally restricted to administrators. IBM X-Force ID: 156570. IBM BigFix Platform 9.2 y 9.5 podría permitir que un usuario con pocos privilegios manipule la Interfaz de Usuario para exponer los elementos de la interfaz y la información normalmente restringida a los administradores. ID de IBM X-Force: 156570. • https://exchange.xforce.ibmcloud.com/vulnerabilities/156570 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2019-4011
https://notcve.org/view.php?id=CVE-2019-4011
20 May 2019 — IBM BigFix Platform 9.2 and 9.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 155885. IBM BigFix Platform 9.2 y 9.5 es vulnerable a una secuencia de comandos del tipo cross-site. Esta vulnerabilidad permite a los usuarios incrustar código JavaScript arbitrario en la Interfaz de Usuario Web, por lo tanto, alt... • https://exchange.xforce.ibmcloud.com/vulnerabilities/155885 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •