Known Vulnerabilities for Bigfix Webui by Hcltech

Listed below are 7 of the newest known vulnerabilities associated with "Bigfix Webui" by "Hcltech".

These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.

Data on known vulnerable versions is also displayed based on information from known CPEs

Known Vulnerabilities

CVE	Shortened Description	Severity	Publish Date	Last Modified
CVE-2023-28023 json	A cross site request forgery vulnerability in the BigFix WebUI Software Distribution interface site version 44 and before all...	6.5 - MEDIUM	2023-07-18	2023-08-01
CVE-2023-28021 json	The BigFix WebUI uses weak cipher suites.	7.5 - HIGH	2023-07-18	2023-07-27
CVE-2023-28020 json	URL redirection in Login page in HCL BigFix WebUI allows malicious user to redirect the client browser to an external site ...	6.1 - MEDIUM	2023-07-18	2023-07-27
CVE-2023-28019 json	Insufficient validation in Bigfix WebUI API App site version < 14 allows an authenticated WebUI user to issue SQL queries via...	8.8 - HIGH	2023-07-18	2023-07-27
CVE-2022-38655 json	BigFix WebUI non-master operators are missing controls that prevent them from being able to modify the relevance of fixlets o...	5.8 - MEDIUM	2022-12-21	2023-11-07
CVE-2021-27764 json	Cookie without HTTPONLY flag set. NUMBER cookie(s) was set without Secure or HTTPOnly flags. The images show the cookie with ...	6.5 - MEDIUM	2022-05-06	2023-06-30
CVE-2020-4104 json	HCL BigFix WebUI is vulnerable to stored cross-site scripting (XSS) within the Apps->Software module. An attacker can use XSS...	5.4 - MEDIUM	2020-07-17	2020-07-22

Known Affected Configurations (CPE V2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Hcltech	Bigfix Webui	-