CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-30117 – HCL BigFix Platform is affected by a DLL Hijack vulnerability
https://notcve.org/view.php?id=CVE-2024-30117
14 Oct 2024 — A dynamic search for a prerequisite library could allow the possibility for an attacker to replace the correct file under some circumstances. • https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0116659 • CWE-427: Uncontrolled Search Path Element •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-23556 – HCL BigFix Platform is impacted by a failure to restrict SSL/TLS renegotiation
https://notcve.org/view.php?id=CVE-2024-23556
17 May 2024 — SSL/TLS Renegotiation functionality potentially leading to DoS attack vulnerability. La funcionalidad de renegociación SSL/TLS puede conducir a una vulnerabilidad de ataque DoS. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0113140 •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-23554 – HCL BigFix Platform is susceptible to Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2024-23554
17 May 2024 — Cross-Site Request Forgery (CSRF) on Session Token vulnerability that could potentially lead to Remote Code Execution (RCE). Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el token de sesión que podría conducir a la ejecución remota de código (RCE). • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0113140 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 0CVE-2024-23583 – HCL BigFix Platform is susceptible to insufficiently protected credentials
https://notcve.org/view.php?id=CVE-2024-23583
17 May 2024 — An attacker could potentially intercept credentials via the task manager and perform unauthorized access to the Client Deploy Tool on Windows systems. Un atacante podría potencialmente interceptar las credenciales a través del administrador de tareas y realizar acceso no autorizado a Client Deploy Tool en sistemas Windows. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0113140 • CWE-522: Insufficiently Protected Credentials •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-37528 – A cross-site scripting (XSS) vulnerability affects HCL BigFix Platform
https://notcve.org/view.php?id=CVE-2023-37528
03 Feb 2024 — A cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attack to exploit an application parameter during execution of the Save Report. Vulnerabilidad de Cross-Site Scripting (XSS) en el componente Web Reports de HCL BigFix Platform posiblemente pueda permitir que un ataque explote un parámetro de la aplicación durante la ejecución de Save Report. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0110209 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-23553 – A cross-site scripting (XSS) vulnerability affects HCL BigFix Platform
https://notcve.org/view.php?id=CVE-2024-23553
02 Feb 2024 — A cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform exists due to missing a specific http header attribute. Existe una vulnerabilidad de Cross-Site Scripting (XSS) en el componente Web Reports de HCL BigFix Platform debido a que falta un atributo de encabezado http específico. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0110209 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 3EXPL: 0CVE-2023-37527 – A cross-site scripting (XSS) vulnerability affects HCL BigFix Platform
https://notcve.org/view.php?id=CVE-2023-37527
02 Feb 2024 — A reflected cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attacker to execute malicious javascript code in the application session or in database, via remote injection, while rendering content in a web page. Una vulnerabilidad de Cross-Site Scripting (XSS) Reflejado en el componente Web Reports de HCL BigFix Platform posiblemente pueda permitir que un atacante ejecute código javascript malicioso en la sesión de la aplicación o en la base d... • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0110209 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.7EPSS: 0%CPEs: 3EXPL: 0CVE-2023-37520 – HCL BigFix Platform is affected by Unathenticated Stored Cross-Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-37520
21 Dec 2023 — Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability identified in BigFix Server version 9.5.12.68, allowing for potential data exfiltration. This XSS vulnerability is in the Gather Status Report, which is served by the BigFix Relay. Vulnerabilidad de Cross-Site Scripting (XSS) almacenado no autenticada identificada en BigFix Server versión 9.5.12.68, lo que permite una posible filtración de datos. Esta vulnerabilidad XSS se encuentra en el Gather Status Report, que proporciona BigFix Relay. Unau... • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0109376 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.7EPSS: 0%CPEs: 3EXPL: 0CVE-2023-37519 – HCL BigFix Platform is affected by Unathenticated Stored Cross-Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-37519
21 Dec 2023 — Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability. This XSS vulnerability is in the Download Status Report, which is served by the BigFix Server. Vulnerabilidad de Cross-Site Scripting (XSS) almacenado no autenticada. Esta vulnerabilidad XSS se encuentra en Download Status Report, que proporciona BigFix Server. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0109376 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.0EPSS: 4%CPEs: 4EXPL: 0CVE-2023-37536 – HCL BigFix Platform is vulnerable to an integer overflow in xerces-c++ 3.2.3
https://notcve.org/view.php?id=CVE-2023-37536
11 Oct 2023 — An integer overflow in xerces-c++ 3.2.3 in BigFix Platform allows remote attackers to cause out-of-bound access via HTTP request. Un desbordamiento de enteros de xerces-c++ 3.2.3 en BigFix Platform permite a atacantes remotos provocar acceso fuera de límites a través de una solicitud HTTP. An integer overflow exists in xerces-c++. This flaw allows an attacker using a specially crafted HTTP request payload to trigger an out-of-bounds read, resulting in a loss of confidentiality, integrity, and availability. ... • https://lists.debian.org/debian-lts-announce/2023/12/msg00027.html • CWE-190: Integer Overflow or Wraparound CWE-680: Integer Overflow to Buffer Overflow •