cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-30117,https://securityvulnerability.io/vulnerability/CVE-2024-30117,Possibility of Library Replacement Attack,A dynamic search for a prerequisite library could allow the possibility for an attacker to replace the correct file under some circumstances.,Hcl Software,Bigfix Platform,5.3,MEDIUM,0.0004600000102072954,false,false,false,false,,false,false,2024-10-14T23:15:00.000Z,0
CVE-2024-23556,https://securityvulnerability.io/vulnerability/CVE-2024-23556,Renegotiation Vulnerability Could Lead to DoS Attacks,"SSL/TLS Renegotiation functionality potentially leading to DoS attack vulnerability.",Hcl Software,Bigfix Platform,5.9,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-05-18T00:15:00.000Z,0
CVE-2024-23554,https://securityvulnerability.io/vulnerability/CVE-2024-23554,CSRF Attack Could Lead to RCE: Vendor Warns,"Cross-Site Request Forgery (CSRF) on Session Token vulnerability that could potentially lead to Remote Code Execution (RCE).",Hcl Software,Bigfix Platform,5.7,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-05-18T00:15:00.000Z,0
CVE-2024-23583,https://securityvulnerability.io/vulnerability/CVE-2024-23583,Attacker Could Intercept Credentials and Access Client Deploy Tool Without Authorization,"An attacker could potentially intercept credentials via the task manager and perform unauthorized access to the Client Deploy Tool on Windows systems.",Hcl Software,Bigfix Platform,6.7,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-05-17T23:15:00.000Z,0
CVE-2023-45715,https://securityvulnerability.io/vulnerability/CVE-2023-45715,Norton Antivirus Experiences Service Interruption When Processing Invalid File Names,"The console may experience a service interruption when processing file names with invalid characters.",Hcl Software,Bigfix Platform,3.5,LOW,0.0004299999854993075,false,false,false,false,,false,false,2024-03-28T14:26:32.839Z,0
CVE-2023-45706,https://securityvulnerability.io/vulnerability/CVE-2023-45706,WebReports SAML Configuration Vulnerable to XSS and MITM Exploits,"An administrative user of HCL WebReports may exploit vulnerabilities through improper SAML configuration, leading to potential Cross Site Scripting (XSS) attacks or Man in the Middle (MITM) scenarios. These vulnerabilities can allow unauthorized access to sensitive information or manipulation of web content, emphasizing the necessity for robust security measures and prompt updates to safeguard against potential exploits.",Hcl Software,Bigfix Platform,2,LOW,0.0004299999854993075,false,false,false,false,,false,false,2024-03-28T14:19:40.914Z,0
CVE-2023-45705,https://securityvulnerability.io/vulnerability/CVE-2023-45705,SSRF Exploit Through SMTP Configuration Options,"An administrative user of HCL WebReports can exploit a Server Side Request Forgery (SSRF) vulnerability through specific SMTP configuration options. This issue can lead to unauthorized access and manipulation, posing significant risks to system integrity and data security. Organizations using HCL WebReports should assess their configurations and implement necessary precautions to mitigate potential exploitation.",Hcl Software,Bigfix Platform,3.5,LOW,0.0004299999854993075,false,false,false,false,,false,false,2024-03-28T14:11:57.835Z,0
CVE-2023-37530,https://securityvulnerability.io/vulnerability/CVE-2023-37530,HCL BigFix Platform XSS Vulnerability Could Lead to Malicious Code Execution,"An identified cross-site scripting (XSS) vulnerability in the Web Reports component of the HCL BigFix Platform poses a significant security risk. The flaw may allow attackers to inject and execute malicious JavaScript code within web pages, which could lead to unauthorized access to sensitive information, including cookies. This vulnerability highlights the importance of securing web interfaces against such exploits to protect user data and maintain the integrity of web applications.",HCL Software,BigFix Platform,5.4,MEDIUM,0.0004799999878741801,false,false,false,false,,false,false,2024-02-29T01:40:00.000Z,0
CVE-2023-37531,https://securityvulnerability.io/vulnerability/CVE-2023-37531,HCL BigFix Platform XSS Vulnerability,"The vulnerability in the Web Reports component of the HCL BigFix Platform presents a cross-site scripting (XSS) risk. An attacker could exploit this flaw to inject and execute malicious JavaScript code within a form field, potentially compromising the integrity and security of user data. This vulnerability primarily affects users with privileged access, making it critical for organizations to ensure that web application security measures are strengthened to protect against such attacks. Comprehensive security audits and updates to the affected platform are recommended to mitigate the risks associated with this issue.",HCL Software,BigFix Platform,4.8,MEDIUM,0.0004799999878741801,false,false,false,false,,false,false,2024-02-29T01:40:00.000Z,0
CVE-2023-37529,https://securityvulnerability.io/vulnerability/CVE-2023-37529,HCL BigFix Platform XSS Vulnerability Could Lead to Malicious Code Execution,"A cross-site scripting (XSS) vulnerability exists in the Web Reports component of HCL BigFix Platform, potentially allowing attackers to inject and execute malicious JavaScript code in a user's browser. This could lead to unauthorized access to cookie-stored information, posing significant security risks for affected users. Mitigation strategies must be employed to safeguard against possible exploitation of this vulnerability, ensuring the integrity of user data and the overall security posture of the platform.",HCL Software,BigFix Platform,5.4,MEDIUM,0.0004799999878741801,false,false,false,false,,false,false,2024-02-29T01:40:00.000Z,0
CVE-2023-37528,https://securityvulnerability.io/vulnerability/CVE-2023-37528,HCL BigFix Platform XSS Vulnerability,"A cross-site scripting (XSS) vulnerability exists in the Web Reports component of HCL BigFix Platform, potentially enabling an attacker to exploit application parameters during the execution of the Save Report function. This flaw highlights the importance of securing web applications against injection attacks, as exploitation could lead to unauthorized access or manipulation of sensitive data. Organizations using the affected version of HCL BigFix are advised to take immediate action to mitigate the risks associated with this security vulnerability.",Hcl Software,Bigfix Platform,6.5,MEDIUM,0.0005499999970197678,false,false,false,false,,false,false,2024-02-03T05:27:07.117Z,0
CVE-2024-23553,https://securityvulnerability.io/vulnerability/CVE-2024-23553,HCL BigFix Platform XSS Vulnerability,"A cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform exists due to missing a specific http header attribute.",HCL Software,BigFix Platform,5.4,MEDIUM,0.0004799999878741801,false,false,false,false,,false,false,2024-02-02T21:03:33.226Z,0
CVE-2023-37527,https://securityvulnerability.io/vulnerability/CVE-2023-37527,Reflected Cross-Site Scripting Vulnerability in HCL BigFix Platform Could Lead to Malicious Code Execution,"A reflected cross-site scripting (XSS) vulnerability exists in the Web Reports component of HCL BigFix Platform. This flaw can enable an attacker to inject malicious JavaScript code via remote means, which could execute within the user’s application session or in the database during content rendering on a web page. If exploited, this vulnerability can lead to unauthorized data access or manipulation, compromising user data and application integrity.",Hcl Software,Bigfix Platform,5.4,MEDIUM,0.0006399999838322401,false,false,false,false,,false,false,2024-02-02T18:10:04.303Z,0
CVE-2023-37520,https://securityvulnerability.io/vulnerability/CVE-2023-37520,HCL BigFix Platform is affected by Unauthenticated Stored Cross-Site Scripting (XSS),"An unauthenticated stored cross-site scripting (XSS) vulnerability has been identified in BigFix Server version 9.5.12.68. This vulnerability resides in the Gather Status Report feature, which is served by the BigFix Relay. Attackers could exploit this XSS vulnerability to execute arbitrary scripts in the context of an affected user’s browser, leading to potential data exfiltration and unauthorized access to sensitive information. Proper remediation measures are essential to mitigate the risks associated with this vulnerability.",HCL Software,HCL BigFix Platform,7.7,HIGH,0.0006300000241026282,false,false,false,false,,false,false,2023-12-21T23:15:00.000Z,0
CVE-2023-37519,https://securityvulnerability.io/vulnerability/CVE-2023-37519,HCL BigFix Platform is affected by Unauthenticated Stored Cross-Site Scripting (XSS),"An unauthenticated stored Cross-Site Scripting (XSS) vulnerability exists in the Download Status Report feature of the BigFix Server. Attackers can exploit this vulnerability to inject malicious scripts that can be executed in the context of a user's browser, potentially leading to data manipulation and exposure. Immediate action is recommended to secure affected instances and mitigate the risk of exploitation.",HCL Software,HCL BigFix Platform,7.7,HIGH,0.0006300000241026282,false,false,false,false,,false,false,2023-12-21T22:15:00.000Z,0
CVE-2023-37536,https://securityvulnerability.io/vulnerability/CVE-2023-37536,HCL BigFix Platform is vulnerable to an integer overflow in xerces-c++ 3.2.3,"An integer overflow vulnerability has been identified in the BigFix Platform, specifically in version 3.2.3 of xerces-c++. This vulnerability could be exploited by remote attackers, allowing them to induce out-of-bound access via crafted HTTP requests. Such an attack could potentially compromise the security and integrity of systems utilizing this specific version of BigFix Platform.",Hcl Software,Bigfix Platform,8.8,HIGH,0.021649999544024467,false,false,false,false,,false,false,2023-10-11T07:15:00.000Z,0
CVE-2022-38659,https://securityvulnerability.io/vulnerability/CVE-2022-38659,HCL BigFix Platform is affected by insecure credential storage,"In specific scenarios, on Windows the operator credentials may be encrypted in a manner that is not completely machine-dependent.",Hcl Software,Bigfix Platform,6,MEDIUM,0.0004400000034365803,false,false,false,false,,false,false,2022-12-19T11:15:00.000Z,0
CVE-2022-42453,https://securityvulnerability.io/vulnerability/CVE-2022-42453,HCL BigFix Platform is affected by insufficient warnings,"There are insufficient warnings when a Fixlet is imported by a user. The warning message currently assumes the owner of the script is the logged in user, with insufficient warnings when attempting to run the script.",Hcl Software,Bigfix Platform,6.9,MEDIUM,0.0005000000237487257,false,false,false,false,,false,false,2022-12-19T11:15:00.000Z,0
CVE-2021-27766,https://securityvulnerability.io/vulnerability/CVE-2021-27766,HCL BigFix Platform Client is affected by a Privilege Escalation Vulnerability,"The BigFix Client installer is created with InstallShield, which was affected by CVE-2021-41526, a vulnerability that could allow a local user to perform a privilege escalation. This vulnerability was resolved by updating to an InstallShield version with the underlying vulnerability fixed.",Hcl Software,Bigfix Platform,6.7,MEDIUM,0.0004199999966658652,false,false,false,false,,false,false,2022-05-06T18:15:00.000Z,0
CVE-2021-27762,https://securityvulnerability.io/vulnerability/CVE-2021-27762,HCL BigFix Platform is affected by misconfigured security-related HTTP headers,Misconfigured security-related HTTP headers: Several security-related headers were missing or mis-configured on the web responses,Hcl Software,Bigfix Platform,4.7,MEDIUM,0.0020099999383091927,false,false,false,false,,false,false,2022-05-06T18:15:00.000Z,0
CVE-2021-27761,https://securityvulnerability.io/vulnerability/CVE-2021-27761,HCL BigFix Platform is affected by weak web transport security,Weak web transport security (Weak TLS): An attacker may be able to decrypt the data using attacks,Hcl Software,Bigfix Platform,4.8,MEDIUM,0.0015200000489130616,false,false,false,false,,false,false,2022-05-06T18:15:00.000Z,0
CVE-2021-27765,https://securityvulnerability.io/vulnerability/CVE-2021-27765,HCL BigFix Platform Server API is affected by Privilege Escalation Vulnerability,"The BigFix Server API installer is created with InstallShield, which was affected by CVE-2021-41526, a vulnerability that could allow a local user to perform a privilege escalation. This vulnerability was resolved by updating to an InstallShield version with the underlying vulnerability fixed.",Hcl Software,Bigfix Platform,6.7,MEDIUM,0.0004199999966658652,false,false,false,false,,false,false,2022-05-06T18:15:00.000Z,0
CVE-2021-27767,https://securityvulnerability.io/vulnerability/CVE-2021-27767,HCL BigFix Platform Console is affected by a Privilege Escalation Vulnerability,"The BigFix Console installer is created with InstallShield, which was affected by CVE-2021-41526, a vulnerability that could allow a local user to perform a privilege escalation. This vulnerability was resolved by updating to an InstallShield version with the underlying vulnerability fixed.",Hcl Software,Bigfix Platform,6.7,MEDIUM,0.0004199999966658652,false,false,false,false,,false,false,2022-05-06T18:15:00.000Z,0
CVE-2020-4095,https://securityvulnerability.io/vulnerability/CVE-2020-4095,,"""BigFix Platform is storing clear text credentials within the system's memory. An attacker who is able to gain administrative privileges can use a program to create a memory dump and extract the credentials. These credentials can be used to pivot further into the environment. The principle of least privilege should be applied to all BigFix deployments, limiting administrative access.""",HCL Software,"""hcl Bigfix Platform""",6,MEDIUM,0.0004400000034365803,false,false,false,false,,false,false,2020-07-16T18:27:41.000Z,0