Hcltech

Bigfix Compliance

9 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.3

CVE-2024-42213

  • EPSS 0.04%
  • Veröffentlicht 05.05.2025 19:00:33
  • Zuletzt bearbeitet 17.06.2025 21:04:01

HCL BigFix Compliance is affected by inclusion of temporary files left in the production environment. An attacker might gain access to these files by indexing or retrieved via predictable URLs or misconfigured permissions, leading to information dis...

5.4

CVE-2024-42212

  • EPSS 0.02%
  • Veröffentlicht 05.05.2025 18:40:57
  • Zuletzt bearbeitet 17.06.2025 21:04:05

HCL BigFix Compliance is affected by an improper or missing SameSite attribute. This can lead to Cross-Site Request Forgery (CSRF) attacks, where a malicious site could trick a user's browser into making unintended requests using authenticated sessi...

5.4

CVE-2024-30140

  • EPSS 0.07%
  • Veröffentlicht 07.11.2024 09:15:03
  • Zuletzt bearbeitet 17.06.2025 21:03:05

HCL BigFix Compliance is affected by unvalidated redirects and forwards. The HOST header can be manipulated by an attacker and as a result, it can poison the web cache and provide back to users being served the page.

4.7

CVE-2024-30141

  • EPSS 0.11%
  • Veröffentlicht 07.11.2024 09:15:03
  • Zuletzt bearbeitet 17.06.2025 21:03:22

HCL BigFix Compliance is vulnerable to the generation of error messages containing sensitive information. Detailed error messages can provide enticement information or expose information about its environment, users, or associated data.

3.8

CVE-2024-30142

  • EPSS 0.03%
  • Veröffentlicht 07.11.2024 09:15:03
  • Zuletzt bearbeitet 17.06.2025 21:03:34

HCL BigFix Compliance is affected by a missing secure flag on a cookie. If a secure flag is not set, cookies may be stolen by an attacker using XSS, resulting in unauthorized access or session cookies could be transferred over an unencrypted channel...

4.7

CVE-2024-30126

  • EPSS 0.4%
  • Veröffentlicht 18.07.2024 20:15:03
  • Zuletzt bearbeitet 17.06.2025 21:02:33

HCL BigFix Compliance is affected by a missing X-Frame-Options HTTP header which can allow an attacker to create a malicious website that embeds the target website in a frame or iframe, tricking users into performing actions on the target website wit...

6.2

CVE-2024-30125

  • EPSS 0.07%
  • Veröffentlicht 18.07.2024 18:15:05
  • Zuletzt bearbeitet 17.06.2025 21:02:15

HCL BigFix Compliance server can respond with an HTTP status of 500, indicating a server-side error that may cause the server process to die.

6.5

CVE-2024-23551

  • EPSS 0.05%
  • Veröffentlicht 07.05.2024 22:15:07
  • Zuletzt bearbeitet 21.11.2024 08:57:55

Database scanning using username and password stores the credentials in plaintext or encoded format within files at the endpoint. This has been identified as a significant security risk. This will lead to exposure of sensitive information for unautho...

7.5

CVE-2021-27756

  • EPSS 0.14%
  • Veröffentlicht 04.03.2022 22:15:18
  • Zuletzt bearbeitet 21.11.2024 05:58:30

"TLS-RSA cipher suites are not disabled in BigFix Compliance up to v2.0.5. If TLS 2.0 and secure ciphers are not enabled then an attacker can passively record traffic and later decrypt it."