Vulnerabilities > Hcltech

DATE CVE VULNERABILITY TITLE RISK
2022-05-06 CVE-2021-27758 Cross-Site Request Forgery (CSRF) vulnerability in Hcltech Bigfix Inventory
There is a security vulnerability in the login form related to Cross-site Request Forgery which prevents a user from logging in after an attacker spams login attempts and the system blocks the victim's account.
network
low complexity
hcltech CWE-352
6.5
2022-05-06 CVE-2021-27759 Insufficient Verification of Data Authenticity vulnerability in Hcltech Bigfix Inventory
This vulnerability arises because the application allows the user to perform some sensitive action without verifying that the request was sent intentionally.
network
low complexity
hcltech CWE-345
6.5
2022-05-06 CVE-2021-27760 Unspecified vulnerability in Hcltech HCL Inotes 11.0.0/11.0.1
An issue was discovered in the Sametime chat feature in the Notes 11.0 - 11.0.1 FP4 clients.
network
low complexity
hcltech
5.5
2022-05-06 CVE-2021-27761 Inadequate Encryption Strength vulnerability in Hcltech Bigfix Platform
Weak web transport security (Weak TLS): An attacker may be able to decrypt the data using attacks
network
low complexity
hcltech CWE-326
7.5
2022-05-06 CVE-2021-27762 Unspecified vulnerability in Hcltech Bigfix Platform
Misconfigured security-related HTTP headers: Several security-related headers were missing or mis-configured on the web responses
network
low complexity
hcltech
critical
9.8
2022-05-06 CVE-2021-27764 Incorrect Permission Assignment for Critical Resource vulnerability in Hcltech Bigfix Webui
Cookie without HTTPONLY flag set.
network
low complexity
hcltech CWE-732
6.5
2022-05-06 CVE-2021-27765 Improper Privilege Management vulnerability in Hcltech Bigfix Platform
The BigFix Server API installer is created with InstallShield, which was affected by CVE-2021-41526, a vulnerability that could allow a local user to perform a privilege escalation.
local
low complexity
hcltech CWE-269
7.8
2022-05-06 CVE-2021-27766 Improper Privilege Management vulnerability in Hcltech Bigfix Platform
The BigFix Client installer is created with InstallShield, which was affected by CVE-2021-41526, a vulnerability that could allow a local user to perform a privilege escalation.
local
low complexity
hcltech CWE-269
7.8
2022-05-06 CVE-2021-27767 Improper Privilege Management vulnerability in Hcltech Bigfix Platform
The BigFix Console installer is created with InstallShield, which was affected by CVE-2021-41526, a vulnerability that could allow a local user to perform a privilege escalation.
local
low complexity
hcltech CWE-269
7.8
2022-03-04 CVE-2021-27756 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Hcltech Bigfix Compliance 2.0/2.0.5
TLS-RSA cipher suites are not disabled in BigFix Compliance up to v2.0.5.
network
low complexity
hcltech CWE-327
7.5