Hcltech Bigfix Webui
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Hcltech Bigfix Webui.
By the Year
In 2025 there have been 0 vulnerabilities in Hcltech Bigfix Webui. Bigfix Webui did not have any published security vulnerabilities last year.
Year | Vulnerabilities | Average Score |
---|---|---|
2025 | 0 | 0.00 |
2024 | 0 | 0.00 |
2023 | 4 | 7.23 |
2022 | 2 | 6.15 |
2021 | 0 | 0.00 |
2020 | 0 | 0.00 |
2019 | 0 | 0.00 |
2018 | 0 | 0.00 |
It may take a day or so for new Bigfix Webui vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Hcltech Bigfix Webui Security Vulnerabilities
A cross site request forgery vulnerability in the BigFix WebUI Software Distribution interface site version 44 and before
CVE-2023-28023
6.5 - Medium
- July 18, 2023
A cross site request forgery vulnerability in the BigFix WebUI Software Distribution interface site version 44 and before allows an NMO attacker to access files on server side systems (server machine and all the ones in its network).
Session Riding
The BigFix WebUI uses weak cipher suites.
CVE-2023-28021
7.5 - High
- July 18, 2023
The BigFix WebUI uses weak cipher suites.
Inadequate Encryption Strength
URL redirection in Login page in HCL BigFix WebUI
CVE-2023-28020
6.1 - Medium
- July 18, 2023
URL redirection in Login page in HCL BigFix WebUI allows malicious user to redirect the client browser to an external site via redirect URL response header.
Open Redirect
Insufficient validation in Bigfix WebUI API App site version < 14
CVE-2023-28019
8.8 - High
- July 18, 2023
Insufficient validation in Bigfix WebUI API App site version < 14 allows an authenticated WebUI user to issue SQL queries via an unparameterized SQL query.
SQL Injection
BigFix WebUI non-master operators are missing controls
CVE-2022-38655
5.8 - Medium
- December 21, 2022
BigFix WebUI non-master operators are missing controls that prevent them from being able to modify the relevance of fixlets or to deploy fixlets from the BES Support external site.
Cookie without HTTPONLY flag set
CVE-2021-27764
6.5 - Medium
- May 06, 2022
Cookie without HTTPONLY flag set. NUMBER cookie(s) was set without Secure or HTTPOnly flags. The images show the cookie with the missing flag. (WebUI)
Missing Encryption of Sensitive Data
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Hcltech Bigfix Webui or by Hcltech? Click the Watch button to subscribe.