HCL BigFix
By the Year
In 2026 there have been 0 vulnerabilities in HCL BigFix. Last year, in 2025, BigFix had 8 security vulnerabilities published. Right now, BigFix is on track to have fewer security vulnerabilities in 2026 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 8 | 5.20 |
| 2024 | 2 | 5.45 |
It may take a day or so for new BigFix vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent HCL BigFix Security Vulnerabilities
HCL BigFix Remote Control Lite Web Portal 10.1.0.0326: Path-Relative Stylesheet Import XSS
CVE-2025-55254
3.7 - Low
- December 17, 2025
Improper management of path-relative stylesheet import in HCL BigFix Remote Control Lite Web Portal (versions 10.1.0.0326 and lower) may allow the execution of malicious code in certain web pages.
Open Redirect
CVE-2025-59849 HCL BigFix Remote Control Web Portal 10.1.0.0326 Improper CSP
CVE-2025-59849
4.7 - Medium
- December 17, 2025
Improper management of Content Security Policy in HCL BigFix Remote Control Lite Web Portal (versions 10.1.0.0326 and lower) may allow the execution of malicious code in web pages.
Clickjacking
Missing Security Headers in BigFix SaaS HTTP Responses
CVE-2025-52622
5.4 - Medium
- December 02, 2025
The BigFix SaaS's HTTP responses were missing some security headers. The absence of these headers weakens the application's client-side security posture, making it more vulnerable to common web attacks that these headers are designed to mitigate, such as Cross-Site Scripting (XSS), Clickjacking, and protocol downgrade attacks.
Insecure Default Initialization of Resource
HCL BigFix Query: Sensitive Info Disclosure via WebUI Query
CVE-2025-52602
4.2 - Medium
- November 05, 2025
HCL BigFix Query is affected by a sensitive information disclosure in the WebUI Query application. An HTTP GET endpoint request returns discoverable responses that may disclose: group names, active user names (or IDs). An attacker can use that information to target individuals with phishing or other social-engineering attacks.
Privacy violation
CVE-2025-0277: HCL BigFix Mobile 3.3 CSP Insecure Directives XSS risk
CVE-2025-0277
6.5 - Medium
- October 16, 2025
HCL BigFix Mobile 3.3 and earlier are vulnerable to certain insecure directives within the Content Security Policy (CSP). An attacker could trick users into performing actions by not properly restricting the sources of scripts and other content.
Protection Mechanism Failure
HCL BigFix MCM <=3.3 CSP insecure directive vulnerability
CVE-2025-0276
6.5 - Medium
- October 16, 2025
HCL BigFix Modern Client Management (MCM) 3.3 and earlier are vulnerable to certain insecure directives within the Content Security Policy (CSP). An attacker could trick users into performing actions by not properly restricting the sources of scripts and other content.
Protection Mechanism Failure
HCL BigFix Mobile 3.3 Improper Access Control (CVE-2025-0275)
CVE-2025-0275
5.3 - Medium
- October 16, 2025
HCL BigFix Mobile 3.3 and earlier is affected by improper access control. Unauthorized users can access a small subset of endpoint actions, potentially allowing access to select internal functions.
Missing Authentication for Critical Function
Unauthorized Access in HCL BigFix MCM 3.3 and Earlier
CVE-2025-0274
5.3 - Medium
- October 16, 2025
HCL BigFix Modern Client Management (MCM) 3.3 and earlier is affected by improper access control. Unauthorized users can access a small subset of endpoint actions, potentially allowing access to select internal functions.
Missing Authentication for Critical Function
XSS in HCL BigFix Web Reports component
CVE-2023-37531
4.8 - Medium
- February 29, 2024
A cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attacker to execute malicious JavaScript code into a form field of a webpage by a user with privileged access.
XSS
HCL BigFix XSS in Web Reports Save Report
CVE-2023-37528
6.1 - Medium
- February 03, 2024
A cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attacker to exploit an application parameter during execution of the Save Report.
XSS