Bigfix Mobile Hcltech Bigfix Mobile

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in Hcltech Bigfix Mobile.

By the Year

In 2025 there have been 0 vulnerabilities in Hcltech Bigfix Mobile. Bigfix Mobile did not have any published security vulnerabilities last year.

Year Vulnerabilities Average Score
2025 0 0.00
2024 0 0.00
2023 3 7.23
2022 3 5.53
2021 0 0.00
2020 0 0.00
2019 0 0.00
2018 0 0.00

It may take a day or so for new Bigfix Mobile vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Hcltech Bigfix Mobile Security Vulnerabilities

HCL BigFix Mobile is vulnerable to a cross-site scripting attack

CVE-2023-28014 5.4 - Medium - July 27, 2023

HCL BigFix Mobile is vulnerable to a cross-site scripting attack. An authenticated attacker could inject malicious scripts into the application.

XSS

HCL BigFix Mobile is vulnerable to a command injection attack

CVE-2023-28012 8.8 - High - July 27, 2023

HCL BigFix Mobile is vulnerable to a command injection attack. An authenticated attacker could run arbitrary shell commands on the WebUI server.

Command Injection

HCL BigFix Mobile / Modern Client Management Admin and Config UI passwords can be brute-forced

CVE-2021-27782 7.5 - High - January 20, 2023

HCL BigFix Mobile / Modern Client Management Admin and Config UI passwords can be brute-forced. User should be locked out for multiple invalid attempts.

Improper Restriction of Excessive Authentication Attempts

The Master operator may be able to embed script tag in HTML with alert pop-up display cookie.

CVE-2021-27781 4.8 - Medium - May 27, 2022

The Master operator may be able to embed script tag in HTML with alert pop-up display cookie.

XSS

The software may be vulnerable to both Un-Auth XML interaction and unauthenticated device enrollment.

CVE-2021-27780 5.3 - Medium - May 27, 2022

The software may be vulnerable to both Un-Auth XML interaction and unauthenticated device enrollment.

User generated PPKG file for Bulk Enroll may have unencrypted sensitive information exposed.

CVE-2021-27783 6.5 - Medium - May 25, 2022

User generated PPKG file for Bulk Enroll may have unencrypted sensitive information exposed.

Missing Encryption of Sensitive Data

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Hcltech Bigfix Mobile or by Hcltech? Click the Watch button to subscribe.

Hcltech
Vendor

subscribe