Hcltech: >> Bigfix Compliance >> 2.0.9 Security Vulnerabilities
A sensitive information disclosure in HCL BigFix Compliance allows a remote attacker to access files under the WEB-INF directory, which may contain Java class files and configuration information, leading to unauthorized access to application internals.
CVSS Score
5.3
EPSS Score
0.001
Published
2026-01-28
HCL BigFix Compliance is affected by a missing X-Frame-Options HTTP header which can allow an attacker to create a malicious website that embeds the target website in a frame or iframe, tricking users into performing actions on the target website without their knowledge.
CVSS Score
4.7
EPSS Score
0.005
Published
2024-07-18
HCL BigFix Compliance server can respond with an HTTP status of 500, indicating a server-side error that may cause the server process to die.
CVSS Score
6.2
EPSS Score
0.001
Published
2024-07-18