cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-30142,https://securityvulnerability.io/vulnerability/CVE-2024-30142,Insecure Cookie Flag Leaves BigFix Compliance Vulnerable to XSS Attacks,"HCL BigFix Compliance is affected by a missing secure flag on a cookie. If a secure flag is not set, cookies may be stolen by an attacker using XSS, resulting in unauthorized access or session cookies could be transferred over an unencrypted channel.",Hcl Software,Bigfix Compliance,3.8,LOW,0.0004299999854993075,false,false,false,false,,false,false,2024-11-07T08:58:42.811Z,0
CVE-2024-30141,https://securityvulnerability.io/vulnerability/CVE-2024-30141,Error Messages Expose Sensitive Information in HCL BigFix Compliance,"HCL BigFix Compliance is vulnerable to the generation of error messages containing sensitive information. Detailed error messages can provide enticement information or expose information about its environment, users, or associated data.",Hcl Software,Bigfix Compliance,4.7,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-11-07T08:36:13.573Z,0
CVE-2024-30140,https://securityvulnerability.io/vulnerability/CVE-2024-30140,HCL BigFix Compliance Vulnerability: Unvalidated Redirects and Forwards Put Users at Risk,"HCL BigFix Compliance is affected by unvalidated redirects and forwards. The HOST header can be manipulated by an attacker and as a result, it can poison the web cache and provide back to users being served the page.",Hcl Software,Bigfix Compliance,5.4,MEDIUM,0.0006099999882280827,false,false,false,false,,false,false,2024-11-07T08:17:56.737Z,0
CVE-2024-30126,https://securityvulnerability.io/vulnerability/CVE-2024-30126,HCL BigFix Compliance Vulnerable to X-Frame-Options Header Attack,"HCL BigFix Compliance is affected by a missing X-Frame-Options HTTP header which can allow an attacker to create a malicious website that embeds the target website in a frame or iframe, tricking users into performing actions on the target website without their knowledge.",Hcl Software,Bigfix Compliance,4.7,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-07-18T20:15:00.000Z,0
CVE-2024-30125,https://securityvulnerability.io/vulnerability/CVE-2024-30125,Server-Side Error in Windows Server Leads to Server Process Death,"A vulnerability exists in the HCL BigFix Compliance server that can lead to instances where the server reacts to certain requests with an HTTP status of 500. This status indicates a server-side error, which may result in interruptions in service or complete server process termination. Such behavior can make the affected system susceptible to denial-of-service conditions, potentially affecting organizations relying on the platform for compliance management and other functions. It is crucial for users to monitor their systems and apply recommended best practices to mitigate such vulnerabilities.",Hcl Software,Bigfix Compliance,6.2,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-07-18T17:59:48.338Z,0
CVE-2024-23551,https://securityvulnerability.io/vulnerability/CVE-2024-23551,Security Risk: Storing Credentials in Plaintext or Encoded Format,"Database scanning using username and password stores the credentials in plaintext or encoded format within files at the endpoint. This has been identified as a significant security risk. This will lead to exposure of sensitive information for unauthorized access, potentially leading to severe consequences such as data breaches, unauthorized data manipulation, and compromised system integrity.",Hcl Software,Bigfix Compliance,6.5,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-05-07T21:46:54.285Z,0
CVE-2021-27756,https://securityvulnerability.io/vulnerability/CVE-2021-27756,,"""TLS-RSA cipher suites are not disabled in BigFix Compliance up to v2.0.5. If TLS 2.0 and secure ciphers are not enabled then an attacker can passively record traffic and later decrypt it.""",HCL Software,"""bigfix Compliance Server""",7.5,HIGH,0.0016799999866634607,false,false,false,false,,false,false,2022-03-04T21:18:06.000Z,0