Every CVE whose affected-product data names Hcltech Bigfix Webui, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (7)
CVE-2021-27764 — CVSS 7.4 (high): Cookie without HTTPONLY flag set. NUMBER cookie(s) was set without Secure or HTTPOnly flags. The images show the cookie with the missing…
CVE-2022-38655 — CVSS 6.4 (medium): BigFix WebUI non-master operators are missing controls that prevent them from being able to modify the relevance of fixlets or to deploy…
CVE-2023-28019 — CVSS 5.5 (medium): Insufficient validation in Bigfix WebUI API App site version < 14 allows an authenticated WebUI user to issue SQL queries via an…
CVE-2020-4104 — CVSS 5.4 (medium): HCL BigFix WebUI is vulnerable to stored cross-site scripting (XSS) within the Apps->Software module. An attacker can use XSS to send a…
CVE-2023-28023 — CVSS 4.9 (medium): A cross site request forgery vulnerability in the BigFix WebUI Software Distribution interface site version 44 and before allows an NMO…
CVE-2023-28020 — CVSS 4.7 (medium): URL redirection in Login page in HCL BigFix WebUI allows malicious user to redirect the client browser to an external site via redirect URL…