Vulnerabilities > Hcltech
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-05-06 | CVE-2021-27761 | Inadequate Encryption Strength vulnerability in Hcltech Bigfix Platform Weak web transport security (Weak TLS): An attacker may be able to decrypt the data using attacks | 7.5 |
| 2022-05-06 | CVE-2021-27762 | Unspecified vulnerability in Hcltech Bigfix Platform Misconfigured security-related HTTP headers: Several security-related headers were missing or mis-configured on the web responses | 9.8 |
| 2022-05-06 | CVE-2021-27764 | Incorrect Permission Assignment for Critical Resource vulnerability in Hcltech Bigfix Webui Cookie without HTTPONLY flag set. | 6.5 |
| 2022-05-06 | CVE-2021-27765 | Improper Privilege Management vulnerability in Hcltech Bigfix Platform The BigFix Server API installer is created with InstallShield, which was affected by CVE-2021-41526, a vulnerability that could allow a local user to perform a privilege escalation. | 7.8 |
| 2022-05-06 | CVE-2021-27766 | Improper Privilege Management vulnerability in Hcltech Bigfix Platform The BigFix Client installer is created with InstallShield, which was affected by CVE-2021-41526, a vulnerability that could allow a local user to perform a privilege escalation. | 7.8 |
| 2022-05-06 | CVE-2021-27767 | Improper Privilege Management vulnerability in Hcltech Bigfix Platform The BigFix Console installer is created with InstallShield, which was affected by CVE-2021-41526, a vulnerability that could allow a local user to perform a privilege escalation. | 7.8 |
| 2022-03-04 | CVE-2021-27756 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Hcltech Bigfix Compliance 2.0/2.0.5 "TLS-RSA cipher suites are not disabled in BigFix Compliance up to v2.0.5. | 7.5 |
| 2022-03-04 | CVE-2021-27757 | Cleartext Storage of Sensitive Information vulnerability in Hcltech Bigfix Insights 10.0 " Insecure password storage issue.The application stores sensitive information in cleartext within a resource that might be accessible to another control sphere.Since the information is stored in cleartext, attackers could potentially read it and gain access to sensitive information." | 7.5 |
| 2022-02-21 | CVE-2021-27753 | Path Traversal vulnerability in Hcltech HCL Sametime "Sametime Android PathTraversal Vulnerability" | 5.5 |
| 2022-02-21 | CVE-2021-27755 | Path Traversal vulnerability in Hcltech HCL Sametime "Sametime Android potential path traversal vulnerability when using File class" | 5.5 |