CVE-2023-28014 – HCL BigFix Mobile can be affected by a cross-site scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2023-28014
HCL BigFix Mobile is vulnerable to a cross-site scripting attack. An authenticated attacker could inject malicious scripts into the application. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0106371 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-28012 – HCL BigFix Mobile can be affected by a command injection vulnerability
https://notcve.org/view.php?id=CVE-2023-28012
HCL BigFix Mobile is vulnerable to a command injection attack. An authenticated attacker could run arbitrary shell commands on the WebUI server. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0106372 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-27782 – HCL BigFix Mobile / Modern Client Management Server passwords are susceptible to a brute-force attack
https://notcve.org/view.php?id=CVE-2021-27782
HCL BigFix Mobile / Modern Client Management Admin and Config UI passwords can be brute-forced. Users should be locked out after multiple invalid attempts. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0102477 • CWE-307: Improper Restriction of Excessive Authentication Attempts
CVE-2021-27781 – HCL BigFix Mobile / Modern Client Management is vulnerable to stored cross-site scripting
https://notcve.org/view.php?id=CVE-2021-27781
The Master operator may be able to embed a script tag in HTML that displays the cookie in an alert pop-up. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0098028 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-27780 – HCL BigFix Mobile / Modern Client Management is vulnerable to unauthenticated XML interaction
https://notcve.org/view.php?id=CVE-2021-27780
The software may be vulnerable to both unauthenticated XML interaction and unauthenticated device enrollment. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0098028 • CWE-112: Missing XML Validation