Hcltech Bigfix Compliance — known CVE vulnerabilities
Every CVE whose affected-product data names Hcltech Bigfix Compliance, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (9)
CVE-2021-27756 — CVSS 7.5 (high): "TLS-RSA cipher suites are not disabled in BigFix Compliance up to v2.0.5. If TLS 2.0 and secure ciphers are not enabled then an attacker…
CVE-2024-30125 — CVSS 6.2 (medium): HCL BigFix Compliance server can respond with an HTTP status of 500, indicating a server-side error that may cause the server process to…
CVE-2024-30140 — CVSS 5.4 (medium): HCL BigFix Compliance is affected by unvalidated redirects and forwards. The HOST header can be manipulated by an attacker and as a result…
CVE-2024-42212 — CVSS 5.4 (medium): HCL BigFix Compliance is affected by an improper or missing SameSite attribute. This can lead to Cross-Site Request Forgery (CSRF) attacks…
CVE-2023-37525 — CVSS 5.3 (medium): A sensitive information disclosure in HCL BigFix Compliance allows a remote attacker to access files under the WEB-INF directory, which may…
CVE-2024-42213 — CVSS 5.3 (medium): HCL BigFix Compliance is affected by inclusion of temporary files left in the production environment. An attacker might gain access to…
CVE-2024-30141 — CVSS 4.7 (medium): HCL BigFix Compliance is vulnerable to the generation of error messages containing sensitive information. Detailed error messages can…
CVE-2024-30126 — CVSS 4.7 (medium): HCL BigFix Compliance is affected by a missing X-Frame-Options HTTP header which can allow an attacker to create a malicious website that…
CVE-2024-30142 — CVSS 3.8 (low): HCL BigFix Compliance is affected by a missing secure flag on a cookie. If a secure flag is not set, cookies may be stolen by an attacker…