Hcltech Bigfix Webui
By the Year
In 2023 there have been 4 vulnerabilities in Hcltech Bigfix Webui, with an average score of 7.2 out of ten. Last year Bigfix Webui had 2 security vulnerabilities published, so 2 more vulnerabilities have already been reported in 2023 than last year. The average CVE base score of the vulnerabilities in 2023 is also greater, by 1.08.
Year | Vulnerabilities | Average Score |
---|---|---|
2023 | 4 | 7.23 |
2022 | 2 | 6.15 |
2021 | 0 | 0.00 |
2020 | 0 | 0.00 |
2019 | 0 | 0.00 |
2018 | 0 | 0.00 |
It may take a day or so for new Bigfix Webui vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Hcltech Bigfix Webui Security Vulnerabilities
A cross site request forgery vulnerability in the BigFix WebUI Software Distribution interface site version 44 and before
CVE-2023-28023
6.5 - Medium
- July 18, 2023
A cross site request forgery vulnerability in the BigFix WebUI Software Distribution interface site version 44 and before allows an NMO attacker to access files on server side systems (server machine and all the ones in its network).
Session Riding
The BigFix WebUI uses weak cipher suites.
CVE-2023-28021
7.5 - High
- July 18, 2023
The BigFix WebUI uses weak cipher suites.
Inadequate Encryption Strength
URL redirection in Login page in HCL BigFix WebUI
CVE-2023-28020
6.1 - Medium
- July 18, 2023
URL redirection in the Login page in HCL BigFix WebUI allows a malicious user to redirect the client browser to an external site via the redirect URL response header.
Open Redirect
Insufficient validation in Bigfix WebUI API App site version < 14
CVE-2023-28019
8.8 - High
- July 18, 2023
Insufficient validation in Bigfix WebUI API App site version < 14 allows an authenticated WebUI user to issue SQL queries via an unparameterized SQL query.
SQL Injection
BigFix WebUI non-master operators are missing controls
CVE-2022-38655
5.8 - Medium
- December 21, 2022
BigFix WebUI non-master operators are missing controls that prevent them from being able to modify the relevance of fixlets or to deploy fixlets from the BES Support external site.
Cookie without HTTPONLY flag set
CVE-2021-27764
6.5 - Medium
- May 06, 2022
Cookie without HTTPONLY flag set. NUMBER cookie(s) was set without Secure or HTTPOnly flags. The images show the cookie with the missing flag. (WebUI)
Missing Encryption of Sensitive Data
