CVE-2023-28014 — CVSS 6.6 (medium): HCL BigFix Mobile is vulnerable to a cross-site scripting attack. An authenticated attacker could inject malicious scripts into the…
CVE-2025-0277 — CVSS 6.5 (medium): HCL BigFix Mobile 3.3 and earlier are vulnerable to certain insecure directives within the Content Security Policy (CSP). An attacker could…
CVE-2025-0276 — CVSS 6.5 (medium): HCL BigFix Modern Client Management (MCM) 3.3 and earlier are vulnerable to certain insecure directives within the Content Security Policy…
CVE-2021-27782 — CVSS 5.4 (medium): HCL BigFix Mobile / Modern Client Management Admin and Config UI passwords can be brute-forced. User should be locked out for multiple…
CVE-2023-28012 — CVSS 5.4 (medium): HCL BigFix Mobile is vulnerable to a command injection attack. An authenticated attacker could run arbitrary shell commands on the WebUI…
CVE-2025-0274 — CVSS 5.3 (medium): HCL BigFix Modern Client Management (MCM) 3.3 and earlier is affected by improper access control. Unauthorized users can access a small…
CVE-2025-0275 — CVSS 5.3 (medium): HCL BigFix Mobile 3.3 and earlier is affected by improper access control. Unauthorized users can access a small subset of endpoint actions…
CVE-2021-27780 — CVSS 5.3 (medium): The software may be vulnerable to both Un-Auth XML interaction and unauthenticated device enrollment.