Vulnerabilities > Hcltech
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-05-06 | CVE-2021-27758 | Cross-Site Request Forgery (CSRF) vulnerability in Hcltech Bigfix Inventory There is a security vulnerability in login form related to Cross-site Request Forgery which prevents user to login after attacker spam to login and system blocked victim's account. | 6.5 |
2022-05-06 | CVE-2021-27759 | Insufficient Verification of Data Authenticity vulnerability in Hcltech Bigfix Inventory This vulnerability arises because the application allows the user to perform some sensitive action without verifying that the request was sent intentionally. | 6.5 |
2022-05-06 | CVE-2021-27760 | Unspecified vulnerability in Hcltech HCL Inotes 11.0.0/11.0.1 An issue was discovered in the Sametime chat feature in the Notes 11.0 - 11.0.1 FP4 clients. | 5.5 |
2022-05-06 | CVE-2021-27761 | Inadequate Encryption Strength vulnerability in Hcltech Bigfix Platform Weak web transport security (Weak TLS): An attacker may be able to decrypt the data using attacks | 7.5 |
2022-05-06 | CVE-2021-27762 | Unspecified vulnerability in Hcltech Bigfix Platform Misconfigured security-related HTTP headers: Several security-related headers were missing or mis-configured on the web responses | 9.8 |
2022-05-06 | CVE-2021-27764 | Incorrect Permission Assignment for Critical Resource vulnerability in Hcltech Bigfix Webui Cookie without HTTPONLY flag set. | 6.5 |
2022-05-06 | CVE-2021-27765 | Improper Privilege Management vulnerability in Hcltech Bigfix Platform The BigFix Server API installer is created with InstallShield, which was affected by CVE-2021-41526, a vulnerability that could allow a local user to perform a privilege escalation. | 7.8 |
2022-05-06 | CVE-2021-27766 | Improper Privilege Management vulnerability in Hcltech Bigfix Platform The BigFix Client installer is created with InstallShield, which was affected by CVE-2021-41526, a vulnerability that could allow a local user to perform a privilege escalation. | 7.8 |
2022-05-06 | CVE-2021-27767 | Improper Privilege Management vulnerability in Hcltech Bigfix Platform The BigFix Console installer is created with InstallShield, which was affected by CVE-2021-41526, a vulnerability that could allow a local user to perform a privilege escalation. | 7.8 |
2022-03-04 | CVE-2021-27756 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Hcltech Bigfix Compliance 2.0/2.0.5 "TLS-RSA cipher suites are not disabled in BigFix Compliance up to v2.0.5. | 7.5 |