Hcltech: >> Bigfix Mobile Security Vulnerabilities
HCL BigFix Mobile is vulnerable to a command injection attack. An authenticated attacker could run arbitrary shell commands on the WebUI server.
CVSS Score
5.4
EPSS Score
0.005
Published
2023-07-27
HCL BigFix Mobile is vulnerable to a cross-site scripting attack. An authenticated attacker could inject malicious scripts into the application.
CVSS Score
6.6
EPSS Score
0.001
Published
2023-07-27
HCL BigFix Mobile / Modern Client Management Admin and Config UI passwords can be brute-forced.
User should be locked out for multiple invalid attempts.
CVSS Score
5.4
EPSS Score
0.002
Published
2023-01-20
The software may be vulnerable to both Un-Auth XML interaction and unauthenticated device enrollment.
CVSS Score
5.3
EPSS Score
0.002
Published
2022-05-27
The Master operator may be able to embed script tag in HTML with alert pop-up display cookie.
CVSS Score
6.6
EPSS Score
0.002
Published
2022-05-27
User generated PPKG file for Bulk Enroll may have unencrypted sensitive information exposed.
CVSS Score
6.8
EPSS Score
0.001
Published
2022-05-25