Shodan
Vulnerabilities
Vulnerable Software
Hcltech:  >> Bigfix Mobile  Security Vulnerabilities
CVE-2025-0277
HCL BigFix Mobile 3.3 and earlier are vulnerable to certain insecure directives within the Content Security Policy (CSP). An attacker could trick users into performing actions by not properly restricting the sources of scripts and other content.
CVSS Score
6.5
EPSS Score
0.001
Published
2025-10-16
CVE-2025-0276
HCL BigFix Modern Client Management (MCM) 3.3 and earlier are vulnerable to certain insecure directives within the Content Security Policy (CSP). An attacker could trick users into performing actions by not properly restricting the sources of scripts and other content.
CVSS Score
6.5
EPSS Score
0.001
Published
2025-10-16
CVE-2025-0275
HCL BigFix Mobile 3.3 and earlier is affected by improper access control. Unauthorized users can access a small subset of endpoint actions, potentially allowing access to select internal functions.
CVSS Score
5.3
EPSS Score
0.0
Published
2025-10-16
CVE-2025-0274
HCL BigFix Modern Client Management (MCM) 3.3 and earlier is affected by improper access control. Unauthorized users can access a small subset of endpoint actions, potentially allowing access to select internal functions.
CVSS Score
5.3
EPSS Score
0.0
Published
2025-10-16
CVE-2023-28012
HCL BigFix Mobile is vulnerable to a command injection attack. An authenticated attacker could run arbitrary shell commands on the WebUI server.
CVSS Score
5.4
EPSS Score
0.005
Published
2023-07-27
CVE-2023-28014
HCL BigFix Mobile is vulnerable to a cross-site scripting attack. An authenticated attacker could inject malicious scripts into the application.
CVSS Score
6.6
EPSS Score
0.001
Published
2023-07-27
CVE-2021-27782
HCL BigFix Mobile / Modern Client Management Admin and Config UI passwords can be brute-forced. User should be locked out for multiple invalid attempts.
CVSS Score
5.4
EPSS Score
0.002
Published
2023-01-20
CVE-2021-27780
The software may be vulnerable to both Un-Auth XML interaction and unauthenticated device enrollment.
CVSS Score
5.3
EPSS Score
0.002
Published
2022-05-27
CVE-2021-27781
The Master operator may be able to embed script tag in HTML with alert pop-up display cookie.
CVSS Score
6.6
EPSS Score
0.002
Published
2022-05-27
CVE-2021-27783
User generated PPKG file for Bulk Enroll may have unencrypted sensitive information exposed.
CVSS Score
6.8
EPSS Score
0.001
Published
2022-05-25


Products
Pricing
Contact Us

Shodan ® - All rights reserved