Hcltech ≫ Bigfix Platform

An integer overflow in xerces-c++ 3.2.3 in BigFix Platform allows remote attackers to cause out-of-bound access via HTTP request.

There are insufficient warnings when a Fixlet is imported by a user. The warning message currently assumes the owner of the script is the logged in user, with insufficient warnings when attempting to run the script.

In specific scenarios, on Windows the operator credentials may be encrypted in a manner that is not completely machine-dependent.

BigFix Web Reports authorized users may perform HTML injection for the email administrative configuration page.

BigFix Web Reports authorized users may see SMTP credentials in clear text.

The BigFix Console installer is created with InstallShield, which was affected by CVE-2021-41526, a vulnerability that could allow a local user to perform a privilege escalation. This vulnerability was resolved by updating to an InstallShield version...

The BigFix Client installer is created with InstallShield, which was affected by CVE-2021-41526, a vulnerability that could allow a local user to perform a privilege escalation. This vulnerability was resolved by updating to an InstallShield version ...

The BigFix Server API installer is created with InstallShield, which was affected by CVE-2021-41526, a vulnerability that could allow a local user to perform a privilege escalation. This vulnerability was resolved by updating to an InstallShield vers...

Misconfigured security-related HTTP headers: Several security-related headers were missing or mis-configured on the web responses

Weak web transport security (Weak TLS): An attacker may be able to decrypt the data using attacks