Vulnerabilities > Hcltech > Bigfix Mobile
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-07-27 | CVE-2023-28012 | Command Injection vulnerability in Hcltech Bigfix Mobile 3.0 HCL BigFix Mobile is vulnerable to a command injection attack. | 8.8 |
| 2023-07-27 | CVE-2023-28014 | Cross-site Scripting vulnerability in Hcltech Bigfix Mobile 3.0 HCL BigFix Mobile is vulnerable to a cross-site scripting attack. | 5.4 |
| 2023-01-20 | CVE-2021-27782 | Improper Restriction of Excessive Authentication Attempts vulnerability in Hcltech Bigfix Mobile 2.0 HCL BigFix Mobile / Modern Client Management Admin and Config UI passwords can be brute-forced. User should be locked out for multiple invalid attempts. | 7.5 |
| 2022-05-27 | CVE-2021-27780 | Unspecified vulnerability in Hcltech Bigfix Mobile and Modern Client Management The software may be vulnerable to both Un-Auth XML interaction and unauthenticated device enrollment. | 5.0 |
| 2022-05-27 | CVE-2021-27781 | Cross-site Scripting vulnerability in Hcltech Bigfix Mobile and Modern Client Management The Master operator may be able to embed script tag in HTML with alert pop-up display cookie. | 3.5 |
| 2022-05-25 | CVE-2021-27783 | Missing Encryption of Sensitive Data vulnerability in Hcltech Bigfix Mobile and Bigfix Modern Client Management User generated PPKG file for Bulk Enroll may have unencrypted sensitive information exposed. | 4.0 |