Hcltech: >> Bigfix Platform >> 10.0.11 Security Vulnerabilities
HCL BigFix Web Reports' service communicates over HTTPS but exhibits a weakness in its handling of SSL certificate validation. This scenario presents a possibility of man-in-the-middle (MITM) attacks and data exposure as, if exploited, this vulnerability could potentially lead to unauthorized access.
CVSS Score
8.1
EPSS Score
0.0
Published
2025-04-15
HCL BigFix Web Reports might be subject to a Stored Cross-Site Scripting (XSS) attack, due to a potentially weak validation of user input.
CVSS Score
5.4
EPSS Score
0.0
Published
2025-04-15
HCL BigFix Web Reports might be subject to a Denial of Service (DoS) attack, due to a potentially weak validation of an API parameter.
CVSS Score
6.5
EPSS Score
0.001
Published
2025-04-15
A dynamic search for a prerequisite library could allow the possibility for an attacker to replace the correct file under some circumstances.
CVSS Score
2.5
EPSS Score
0.001
Published
2024-10-14