Vulnerabilities
Vulnerable Software
The HCL BigFix Web Reports service communicates over HTTPS but exhibits a weakness in its handling of SSL certificate validation. This opens the possibility of man-in-the-middle (MITM) attacks and data exposure; if exploited, the vulnerability could potentially lead to unauthorized access.
CVSS Score
8.1
EPSS Score
0.001
Published
2025-04-15
HCL BigFix Web Reports might be subject to a Stored Cross-Site Scripting (XSS) attack, due to a potentially weak validation of user input.
CVSS Score
5.4
EPSS Score
0.001
Published
2025-04-15
HCL BigFix Web Reports might be subject to a Denial of Service (DoS) attack, due to a potentially weak validation of an API parameter.
CVSS Score
6.5
EPSS Score
0.002
Published
2025-04-15
A dynamic search for a prerequisite library could allow the possibility for an attacker to replace the correct file under some circumstances.
CVSS Score
2.5
EPSS Score
0.001
Published
2024-10-14
An administrative user of WebReports may perform a Server Side Request Forgery (SSRF) exploit through SMTP configuration options.
CVSS Score
3.5
EPSS Score
0.002
Published
2024-03-28
An administrative user of WebReports may perform a Cross Site Scripting (XSS) and/or Man in the Middle (MITM) exploit through SAML configuration.
CVSS Score
2.0
EPSS Score
0.005
Published
2024-03-28
The console may experience a service interruption when processing file names with invalid characters.
CVSS Score
3.5
EPSS Score
0.002
Published
2024-03-28
A cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attacker to execute malicious JavaScript code in a webpage in an attempt to retrieve information stored in cookies. This is not the same vulnerability as identified in CVE-2023-37530.
CVSS Score
3.0
EPSS Score
0.006
Published
2024-02-29
A cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attacker to execute malicious JavaScript code in a webpage in an attempt to retrieve information stored in cookies.
CVSS Score
3.0
EPSS Score
0.008
Published
2024-02-29
A cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attacker to execute malicious JavaScript code into a form field of a webpage by a user with privileged access.
CVSS Score
3.3
EPSS Score
0.005
Published
2024-02-29

