Vulnerabilities (CVE)

Filtered by vendor Hcltech Subscribe
Filtered by product Bigfix Mobile
Total 6 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-28014 1 Hcltech 1 Bigfix Mobile 2024-11-21 N/A 6.6 MEDIUM
HCL BigFix Mobile is vulnerable to a cross-site scripting attack. An authenticated attacker could inject malicious scripts into the application.
CVE-2023-28012 1 Hcltech 1 Bigfix Mobile 2024-11-21 N/A 5.4 MEDIUM
HCL BigFix Mobile is vulnerable to a command injection attack. An authenticated attacker could run arbitrary shell commands on the WebUI server.
CVE-2021-27783 1 Hcltech 2 Bigfix Mobile, Bigfix Modern Client Management 2024-11-21 4.0 MEDIUM 6.8 MEDIUM
User generated PPKG file for Bulk Enroll may have unencrypted sensitive information exposed.
CVE-2021-27782 1 Hcltech 1 Bigfix Mobile 2024-11-21 N/A 5.4 MEDIUM
HCL BigFix Mobile / Modern Client Management Admin and Config UI passwords can be brute-forced. User should be locked out for multiple invalid attempts.
CVE-2021-27781 1 Hcltech 2 Bigfix Mobile, Modern Client Management 2024-11-21 3.5 LOW 6.6 MEDIUM
The Master operator may be able to embed script tag in HTML with alert pop-up display cookie.
CVE-2021-27780 1 Hcltech 2 Bigfix Mobile, Modern Client Management 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
The software may be vulnerable to both Un-Auth XML interaction and unauthenticated device enrollment.