Hcltech Bigfix Mobile
By the Year
In 2024 there have been 0 vulnerabilities in Hcltech Bigfix Mobile . Last year Bigfix Mobile had 3 security vulnerabilities published. Right now, Bigfix Mobile is on track to have less security vulnerabilities in 2024 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2024 | 0 | 0.00 |
| 2023 | 3 | 7.23 |
| 2022 | 3 | 5.53 |
| 2021 | 0 | 0.00 |
| 2020 | 0 | 0.00 |
| 2019 | 0 | 0.00 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Bigfix Mobile vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Hcltech Bigfix Mobile Security Vulnerabilities
HCL BigFix Mobile is vulnerable to a cross-site scripting attack
CVE-2023-28014
5.4 - Medium
- July 27, 2023
HCL BigFix Mobile is vulnerable to a cross-site scripting attack. An authenticated attacker could inject malicious scripts into the application.
XSS
HCL BigFix Mobile is vulnerable to a command injection attack
CVE-2023-28012
8.8 - High
- July 27, 2023
HCL BigFix Mobile is vulnerable to a command injection attack. An authenticated attacker could run arbitrary shell commands on the WebUI server.
Command Injection
HCL BigFix Mobile / Modern Client Management Admin and Config UI passwords can be brute-forced
CVE-2021-27782
7.5 - High
- January 20, 2023
HCL BigFix Mobile / Modern Client Management Admin and Config UI passwords can be brute-forced. User should be locked out for multiple invalid attempts.
Improper Restriction of Excessive Authentication Attempts
The Master operator may be able to embed script tag in HTML with alert pop-up display cookie.
CVE-2021-27781
4.8 - Medium
- May 27, 2022
The Master operator may be able to embed script tag in HTML with alert pop-up display cookie.
XSS
The software may be vulnerable to both Un-Auth XML interaction and unauthenticated device enrollment.
CVE-2021-27780
5.3 - Medium
- May 27, 2022
The software may be vulnerable to both Un-Auth XML interaction and unauthenticated device enrollment.
User generated PPKG file for Bulk Enroll may have unencrypted sensitive information exposed.
CVE-2021-27783
6.5 - Medium
- May 25, 2022
User generated PPKG file for Bulk Enroll may have unencrypted sensitive information exposed.
Missing Encryption of Sensitive Data
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Hcltech Bigfix Mobile or by Hcltech? Click the Watch button to subscribe.
