Hcltech Bigfix Platform — known CVE vulnerabilities
Every CVE whose affected-product data names Hcltech Bigfix Platform, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (33)
CVE-2026-21765 — CVSS 8.8 (high): HCL BigFix Platform is affected by insecure permissions on private cryptographic keys. The private cryptographic keys located on a Windows…
CVE-2023-37536 — CVSS 8.2 (high): An integer overflow in xerces-c++ 3.2.3 in BigFix Platform allows remote attackers to cause out-of-bound access via HTTP request.
CVE-2024-42193 — CVSS 8.1 (high): HCL BigFix Web Reports' service communicates over HTTPS but exhibits a weakness in its handling of SSL certificate validation. This…
CVE-2023-37519 — CVSS 7.7 (high): Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability. This XSS vulnerability is in the Download Status Report, which is served…
CVE-2023-37520 — CVSS 7.7 (high): Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability identified in BigFix Server version 9.5.12.68, allowing for potential data…
CVE-2020-14254 — CVSS 7.5 (high): TLS-RSA cipher suites are not disabled in HCL BigFix Inventory up to v10.0.2. If TLS 2.0 and secure ciphers are not enabled then an…
CVE-2022-42453 — CVSS 6.9 (medium): There are insufficient warnings when a Fixlet is imported by a user. The warning message currently assumes the owner of the script is the…
CVE-2021-27767 — CVSS 6.7 (medium): The BigFix Console installer is created with InstallShield, which was affected by CVE-2021-41526, a vulnerability that could allow a local…
CVE-2024-23583 — CVSS 6.7 (medium): An attacker could potentially intercept credentials via the task manager and perform unauthorized access to the Client Deploy Tool on…
CVE-2021-27765 — CVSS 6.7 (medium): The BigFix Server API installer is created with InstallShield, which was affected by CVE-2021-41526, a vulnerability that could allow a…
CVE-2021-27766 — CVSS 6.7 (medium): The BigFix Client installer is created with InstallShield, which was affected by CVE-2021-41526, a vulnerability that could allow a local…
CVE-2023-37528 — CVSS 6.5 (medium): A cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attack to exploit an…
CVE-2024-42189 — CVSS 6.5 (medium): HCL BigFix Web Reports might be subject to a Denial of Service (DoS) attack, due to a potentially weak validation of an API parameter.
CVE-2022-38659 — CVSS 6.0 (medium): In specific scenarios, on Windows the operator credentials may be encrypted in a manner that is not completely machine-dependent.
CVE-2020-4095 — CVSS 6.0 (medium): "BigFix Platform is storing clear text credentials within the system's memory. An attacker who is able to gain administrative privileges…
CVE-2024-23554 — CVSS 5.7 (medium): Cross-Site Request Forgery (CSRF) on Session Token vulnerability that could potentially lead to Remote Code Execution (RCE).
CVE-2023-37527 — CVSS 5.4 (medium): A reflected cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attacker to…
CVE-2024-42200 — CVSS 5.4 (medium): HCL BigFix Web Reports might be subject to a Stored Cross-Site Scripting (XSS) attack, due to a potentially weak validation of user input.
CVE-2020-14248 — CVSS 5.3 (medium): BigFix Inventory up to v10.0.2 does not set the secure flag for the session cookie in an https session, which can cause the cookie to be…
CVE-2021-27762 — CVSS 4.7 (medium): Misconfigured security-related HTTP headers: Several security-related headers were missing or mis-configured on the web responses
CVE-2022-27545 — CVSS 4.6 (medium): BigFix Web Reports authorized users may perform HTML injection for the email administrative configuration page.
CVE-2026-21767 — CVSS 4.0 (medium): HCL BigFix Platform is affected by insufficient authentication. The application might allow users to access sensitive areas of the…
CVE-2023-45705 — CVSS 3.5 (low): An administrative user of WebReports may perform a Server Side Request Forgery (SSRF) exploit through SMTP configuration options.
CVE-2023-45715 — CVSS 3.5 (low): The console may experience a service interruption when processing file names with invalid characters.
CVE-2023-37531 — CVSS 3.3 (low): A cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attacker to execute…
CVE-2023-37529 — CVSS 3.0 (low): A cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attacker to execute…
CVE-2023-37530 — CVSS 3.0 (low): A cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attacker to execute…
CVE-2024-23553 — CVSS 3.0 (low): A cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform exists due to missing a specific http header…
CVE-2024-30117 — CVSS 2.5 (low): A dynamic search for a prerequisite library could allow the possibility for an attacker to replace the correct file under some…
CVE-2023-45706 — CVSS 2.0 (low): An administrative user of WebReports may perform a Cross Site Scripting (XSS) and/or Man in the Middle (MITM) exploit through SAML…