CVE-2025-0277
- EPSS 0.05%
- Veröffentlicht 16.10.2025 08:27:54
- Zuletzt bearbeitet 21.10.2025 18:15:34
HCL BigFix Mobile 3.3 and earlier are vulnerable to certain insecure directives within the Content Security Policy (CSP). An attacker could trick users into performing actions by not properly restricting the sources of scripts and other content.
CVE-2025-0276
- EPSS 0.05%
- Veröffentlicht 16.10.2025 08:25:49
- Zuletzt bearbeitet 21.10.2025 13:03:12
HCL BigFix Modern Client Management (MCM) 3.3 and earlier are vulnerable to certain insecure directives within the Content Security Policy (CSP). An attacker could trick users into performing actions by not properly restricting the sources of script...
CVE-2025-0275
- EPSS 0.04%
- Veröffentlicht 16.10.2025 05:14:24
- Zuletzt bearbeitet 21.10.2025 18:17:18
HCL BigFix Mobile 3.3 and earlier is affected by improper access control. Unauthorized users can access a small subset of endpoint actions, potentially allowing access to select internal functions.
CVE-2025-0274
- EPSS 0.04%
- Veröffentlicht 16.10.2025 04:56:49
- Zuletzt bearbeitet 21.10.2025 18:21:10
HCL BigFix Modern Client Management (MCM) 3.3 and earlier is affected by improper access control. Unauthorized users can access a small subset of endpoint actions, potentially allowing access to select internal functions.
CVE-2023-28025
- EPSS 0.06%
- Veröffentlicht 21.12.2023 01:15:32
- Zuletzt bearbeitet 21.11.2024 07:53:57
Due to this vulnerability, the Master operator could potentially incorporate an SVG tag into HTML, leading to an alert pop-up displaying a cookie. To mitigate stored XSS vulnerabilities, a preventive measure involves thoroughly sanitizing and validat...
CVE-2021-27783
- EPSS 0.11%
- Veröffentlicht 25.05.2022 17:15:08
- Zuletzt bearbeitet 21.11.2024 05:58:33
User generated PPKG file for Bulk Enroll may have unencrypted sensitive information exposed.