Shodan
Vulnerabilities
Vulnerable Software
Hcltech:  >> Bigfix Platform  >> 9.5.20  Security Vulnerabilities
CVE-2024-23553
A cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform exists due to missing a specific http header attribute.
CVSS Score
3.0
EPSS Score
0.003
Published
2024-02-02
CVE-2023-37527
A reflected cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attacker to execute malicious javascript code in the application session or in database, via remote injection, while rendering content in a web page.
CVSS Score
5.4
EPSS Score
0.001
Published
2024-02-02
CVE-2023-37520
Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability identified in BigFix Server version 9.5.12.68, allowing for potential data exfiltration. This XSS vulnerability is in the Gather Status Report, which is served by the BigFix Relay.
CVSS Score
7.7
EPSS Score
0.002
Published
2023-12-21
CVE-2023-37519
Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability. This XSS vulnerability is in the Download Status Report, which is served by the BigFix Server. 
CVSS Score
7.7
EPSS Score
0.002
Published
2023-12-21
CVE-2023-37536
An integer overflow in xerces-c++ 3.2.3 in BigFix Platform allows remote attackers to cause out-of-bound access via HTTP request.
CVSS Score
8.2
EPSS Score
0.011
Published
2023-10-11
CVE-2022-38659
In specific scenarios, on Windows the operator credentials may be encrypted in a manner that is not completely machine-dependent.
CVSS Score
6.0
EPSS Score
0.001
Published
2022-12-19
CVE-2022-42453
There are insufficient warnings when a Fixlet is imported by a user. The warning message currently assumes the owner of the script is the logged in user, with insufficient warnings when attempting to run the script.
CVSS Score
6.9
EPSS Score
0.001
Published
2022-12-19
CVE-2020-14248
BigFix Inventory up to v10.0.2 does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.
CVSS Score
5.3
EPSS Score
0.001
Published
2020-12-16
CVE-2020-14254
TLS-RSA cipher suites are not disabled in HCL BigFix Inventory up to v10.0.2. If TLS 2.0 and secure ciphers are not enabled then an attacker can passively record traffic and later decrypt it.
CVSS Score
7.5
EPSS Score
0.002
Published
2020-12-16


Products
Pricing
Contact Us

Shodan ® - All rights reserved