Total: 10 CVEs
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2025-0274 | 1 Hcltech | 2 Bigfix Mobile, Bigfix Modern Client Management | 2025-10-21 | N/A | 5.3 MEDIUM |
HCL BigFix Modern Client Management (MCM) 3.3 and earlier is affected by improper access control. Unauthorized users can access a small subset of endpoint actions, potentially allowing access to select internal functions. | |||||
CVE-2025-0275 | 1 Hcltech | 2 Bigfix Mobile, Bigfix Modern Client Management | 2025-10-21 | N/A | 5.3 MEDIUM |
HCL BigFix Mobile 3.3 and earlier is affected by improper access control. Unauthorized users can access a small subset of endpoint actions, potentially allowing access to select internal functions. | |||||
CVE-2025-0277 | 1 Hcltech | 2 Bigfix Mobile, Bigfix Modern Client Management | 2025-10-21 | N/A | 6.5 MEDIUM |
HCL BigFix Mobile 3.3 and earlier are vulnerable to certain insecure directives within the Content Security Policy (CSP). Because the policy does not properly restrict the sources of scripts and other content, an attacker could trick users into performing actions. | |||||
CVE-2025-0276 | 1 Hcltech | 2 Bigfix Mobile, Bigfix Modern Client Management | 2025-10-21 | N/A | 6.5 MEDIUM |
HCL BigFix Modern Client Management (MCM) 3.3 and earlier are vulnerable to certain insecure directives within the Content Security Policy (CSP). Because the policy does not properly restrict the sources of scripts and other content, an attacker could trick users into performing actions. | |||||
CVE-2021-27782 | 1 Hcltech | 1 Bigfix Mobile | 2025-04-02 | N/A | 5.4 MEDIUM |
HCL BigFix Mobile / Modern Client Management Admin and Config UI passwords can be brute-forced. Users should be locked out after multiple invalid attempts. | |||||
CVE-2023-28014 | 1 Hcltech | 1 Bigfix Mobile | 2024-11-21 | N/A | 6.6 MEDIUM |
HCL BigFix Mobile is vulnerable to a cross-site scripting attack. An authenticated attacker could inject malicious scripts into the application. | |||||
CVE-2023-28012 | 1 Hcltech | 1 Bigfix Mobile | 2024-11-21 | N/A | 5.4 MEDIUM |
HCL BigFix Mobile is vulnerable to a command injection attack. An authenticated attacker could run arbitrary shell commands on the WebUI server. | |||||
CVE-2021-27783 | 1 Hcltech | 2 Bigfix Mobile, Bigfix Modern Client Management | 2024-11-21 | 4.0 MEDIUM | 6.8 MEDIUM |
A user-generated PPKG file for Bulk Enroll may expose unencrypted sensitive information. | |||||
CVE-2021-27781 | 1 Hcltech | 2 Bigfix Mobile, Modern Client Management | 2024-11-21 | 3.5 LOW | 6.6 MEDIUM |
The Master operator may be able to embed a script tag in HTML that displays the cookie in an alert pop-up. | |||||
CVE-2021-27780 | 1 Hcltech | 2 Bigfix Mobile, Modern Client Management | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
The software may be vulnerable to both unauthenticated XML interaction and unauthenticated device enrollment. |