Vulnerabilities
Vulnerable Software
HCL BigFix Compliance is affected by a missing X-Frame-Options HTTP header which can allow an attacker to create a malicious website that embeds the target website in a frame or iframe, tricking users into performing actions on the target website without their knowledge.
CVSS Score: 4.7
EPSS Score: 0.001
Published: 2024-07-18
HCL BigFix Compliance server can respond with an HTTP status of 500, indicating a server-side error that may cause the server process to die.
CVSS Score: 6.2
EPSS Score: 0.0
Published: 2024-07-18
"TLS-RSA cipher suites are not disabled in BigFix Compliance up to v2.0.5. If TLS 2.0 and secure ciphers are not enabled then an attacker can passively record traffic and later decrypt it."
CVSS Score: 7.5
EPSS Score: 0.001
Published: 2022-03-04

