Hcltech Bigfix Mobile
By the Year
In 2023 there have been 3 vulnerabilities in Hcltech Bigfix Mobile with an average score of 7.2 out of ten. Last year Bigfix Mobile had 3 security vulnerabilities published. At the current rates, it appears that the number of vulnerabilities last year and this year may equal out. However, the average CVE base score of the vulnerabilities in 2023 is greater by 1.70.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2023 | 3 | 7.23 |
| 2022 | 3 | 5.53 |
| 2021 | 0 | 0.00 |
| 2020 | 0 | 0.00 |
| 2019 | 0 | 0.00 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Bigfix Mobile vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Hcltech Bigfix Mobile Security Vulnerabilities
HCL BigFix Mobile is vulnerable to a cross-site scripting attack
CVE-2023-28014
5.4 - Medium
- July 27, 2023
HCL BigFix Mobile is vulnerable to a cross-site scripting attack. An authenticated attacker could inject malicious scripts into the application.
XSS
HCL BigFix Mobile is vulnerable to a command injection attack
CVE-2023-28012
8.8 - High
- July 27, 2023
HCL BigFix Mobile is vulnerable to a command injection attack. An authenticated attacker could run arbitrary shell commands on the WebUI server.
Command Injection
HCL BigFix Mobile / Modern Client Management Admin and Config UI passwords can be brute-forced
CVE-2021-27782
7.5 - High
- January 20, 2023
HCL BigFix Mobile / Modern Client Management Admin and Config UI passwords can be brute-forced. User should be locked out for multiple invalid attempts.
Improper Restriction of Excessive Authentication Attempts
The Master operator may be able to embed script tag in HTML with alert pop-up display cookie.
CVE-2021-27781
4.8 - Medium
- May 27, 2022
The Master operator may be able to embed script tag in HTML with alert pop-up display cookie.
XSS
The software may be vulnerable to both Un-Auth XML interaction and unauthenticated device enrollment.
CVE-2021-27780
5.3 - Medium
- May 27, 2022
The software may be vulnerable to both Un-Auth XML interaction and unauthenticated device enrollment.
User generated PPKG file for Bulk Enroll may have unencrypted sensitive information exposed.
CVE-2021-27783
6.5 - Medium
- May 25, 2022
User generated PPKG file for Bulk Enroll may have unencrypted sensitive information exposed.
Missing Encryption of Sensitive Data
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Hcltech Bigfix Mobile or by Hcltech? Click the Watch button to subscribe.
