Hcltech

Bigfix Platform

33 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4

CVE-2023-45706

  • EPSS 0.48%
  • Veröffentlicht 28.03.2024 15:15:45
  • Zuletzt bearbeitet 08.01.2026 18:47:06

An administrative user of WebReports may perform a Cross Site Scripting (XSS) and/or Man in the Middle (MITM) exploit through SAML configuration.

7.2

CVE-2023-45705

  • EPSS 0.23%
  • Veröffentlicht 28.03.2024 15:15:45
  • Zuletzt bearbeitet 28.03.2025 21:15:15

An administrative user of WebReports may perform a Server Side Request Forgery (SSRF) exploit through SMTP configuration options.

4.8

CVE-2023-37531

  • EPSS 0.54%
  • Veröffentlicht 29.02.2024 01:40:04
  • Zuletzt bearbeitet 03.06.2025 19:15:33

A cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attacker to execute malicious javascript code into a form field of a webpage by a user with privileged access.

5.4

CVE-2023-37530

  • EPSS 0.78%
  • Veröffentlicht 29.02.2024 01:40:04
  • Zuletzt bearbeitet 03.06.2025 19:15:33

A cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attacker to execute malicious javascript code into a webpage trying to retrieve cookie stored information.

5.4

CVE-2023-37529

  • EPSS 0.6%
  • Veröffentlicht 29.02.2024 01:40:04
  • Zuletzt bearbeitet 03.06.2025 19:15:33

A cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attacker to execute malicious javascript code into a webpage trying to retrieve cookie stored information. This is not the same vuln...

6.1

CVE-2023-37528

  • EPSS 0.28%
  • Veröffentlicht 03.02.2024 06:15:46
  • Zuletzt bearbeitet 03.06.2025 19:15:32

A cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attack to exploit an application parameter during execution of the Save Report.

5.4

CVE-2024-23553

  • EPSS 0.31%
  • Veröffentlicht 02.02.2024 21:15:08
  • Zuletzt bearbeitet 03.06.2025 19:15:38

A cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform exists due to missing a specific http header attribute.

6.1

CVE-2023-37527

  • EPSS 0.12%
  • Veröffentlicht 02.02.2024 19:15:07
  • Zuletzt bearbeitet 03.06.2025 19:15:32

A reflected cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attacker to execute malicious javascript code in the application session or in database, via remote injection, while render...

6.1

CVE-2023-37520

  • EPSS 0.16%
  • Veröffentlicht 21.12.2023 23:15:08
  • Zuletzt bearbeitet 21.11.2024 08:11:51

Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability identified in BigFix Server version 9.5.12.68, allowing for potential data exfiltration. This XSS vulnerability is in the Gather Status Report, which is served by the BigFix Relay.

6.1

CVE-2023-37519

  • EPSS 0.16%
  • Veröffentlicht 21.12.2023 22:15:13
  • Zuletzt bearbeitet 23.04.2025 17:16:33

Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability. This XSS vulnerability is in the Download Status Report, which is served by the BigFix Server.