cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2023-37523,https://securityvulnerability.io/vulnerability/CVE-2023-37523,HCL BigFix OSD Bare Metal Server WebUI is affected by missing or insecure tags,"The HCL BigFix OSD Bare Metal Server WebUI is susceptible to security issues stemming from missing or improperly configured tags. This vulnerability enables potential attackers to exploit the system by executing malicious scripts in the context of the user's browser, which could lead to unauthorized actions or the compromise of sensitive data. Users running version 311.19 or lower of this product should be aware of the risks associated with this flaw and take appropriate measures to mitigate potential threats.",HCL Software,HCL BigFix OSD Bare Metal Server WebUI,9.8,CRITICAL,0.0010499999625608325,false,false,false,false,,false,false,2024-01-16T17:33:01.755Z,0
CVE-2023-37522,https://securityvulnerability.io/vulnerability/CVE-2023-37522,HCL BigFix OSD Bare Metal Server WebUI is affected by missing or insecure tags,"The HCL BigFix OSD Bare Metal Server WebUI up to version 311.19 contains vulnerabilities related to insecure or missing tags. This security flaw could be exploited by attackers, allowing them to inject and execute malicious scripts in the context of the user's browser. Such vulnerabilities highlight the importance of following security best practices in web application development to safeguard against exploits that could compromise user data and system integrity.",HCL Software,HCL BigFix OSD Bare Metal Server WebUI,9.8,CRITICAL,0.0010499999625608325,false,false,false,false,,false,false,2024-01-16T15:59:35.415Z,0
CVE-2023-37521,https://securityvulnerability.io/vulnerability/CVE-2023-37521,HCL BigFix OSD Bare Metal Server WebUI is affected by sensitive information disclosure,"The HCL BigFix OSD Bare Metal Server WebUI, specifically in versions 311.19 and below, has been identified with a potential vulnerability where sensitive information can be unintentionally exposed in query strings. This loophole may allow attackers to exploit the system by manipulating the query string and deriving confidential data, thereby increasing the risk of malicious activities. Users of the affected versions should take immediate steps to evaluate their configurations and ensure that sensitive data is adequately protected.",Hcl Software,Hcl Bigfix Osd Bare Metal Server Webui,5.3,MEDIUM,0.0005000000237487257,false,false,false,false,,false,false,2024-01-16T15:55:27.149Z,0
CVE-2023-37520,https://securityvulnerability.io/vulnerability/CVE-2023-37520,HCL BigFix Platform is affected by Unauthenticated Stored Cross-Site Scripting (XSS),"An unauthenticated stored cross-site scripting (XSS) vulnerability has been identified in BigFix Server version 9.5.12.68. This vulnerability resides in the Gather Status Report feature, which is served by the BigFix Relay. Attackers could exploit this XSS vulnerability to execute arbitrary scripts in the context of an affected user's browser, leading to potential data exfiltration and unauthorized access to sensitive information. Proper remediation measures are essential to mitigate the risks associated with this vulnerability.",HCL Software,HCL BigFix Platform,7.7,HIGH,0.0006300000241026282,false,false,false,false,,false,false,2023-12-21T23:15:00.000Z,0
CVE-2023-37519,https://securityvulnerability.io/vulnerability/CVE-2023-37519,HCL BigFix Platform is affected by Unauthenticated Stored Cross-Site Scripting (XSS),"An unauthenticated stored Cross-Site Scripting (XSS) vulnerability exists in the Download Status Report feature of the BigFix Server. Attackers can exploit this vulnerability to inject malicious scripts that can be executed in the context of a user's browser, potentially leading to data manipulation and exposure. Immediate action is recommended to secure affected instances and mitigate the risk of exploitation.",HCL Software,HCL BigFix Platform,7.7,HIGH,0.0006300000241026282,false,false,false,false,,false,false,2023-12-21T22:15:00.000Z,0
CVE-2023-28025,https://securityvulnerability.io/vulnerability/CVE-2023-28025,"An HTML injection vulnerability can affect HCL BigFix Mobile / Modern Client Management","Due to this vulnerability, the Master operator could potentially incorporate an SVG tag into HTML, leading to an alert pop-up displaying a cookie. To mitigate stored XSS vulnerabilities, a preventive measure involves thoroughly sanitizing and validating all user inputs before they are processed and stored in the server storage.",HCL Software,HCL BigFix Mobile / Modern Client Management,6.6,MEDIUM,0.0005300000193528831,false,false,false,false,,false,false,2023-12-21T01:15:00.000Z,0
CVE-2023-28012,https://securityvulnerability.io/vulnerability/CVE-2023-28012,"HCL BigFix Mobile can be affected by a command injection vulnerability","HCL BigFix Mobile is vulnerable to a command injection attack. An authenticated attacker could run arbitrary shell commands on the WebUI server.",Hcl Software,Hcl Bigfix Mobile,5.4,MEDIUM,0.0007800000021234155,false,false,false,false,,false,false,2023-07-27T00:15:00.000Z,0
CVE-2023-28014,https://securityvulnerability.io/vulnerability/CVE-2023-28014,"HCL BigFix Mobile can be affected by a cross-site scripting (XSS) vulnerability","HCL BigFix Mobile is vulnerable to a cross-site scripting attack. An authenticated attacker could inject malicious scripts into the application.",Hcl Software,Hcl Bigfix Mobile,6.6,MEDIUM,0.0005300000193528831,false,false,false,false,,false,false,2023-07-27T00:15:00.000Z,0
CVE-2023-28023,https://securityvulnerability.io/vulnerability/CVE-2023-28023,HCL BigFix WebUI Software Distribution is affected by a cross site server request forgery vulnerability,"A cross site request forgery vulnerability in the BigFix WebUI Software Distribution interface site version 44 and before allows an NMO attacker to access files on server side systems (the server machine and all the ones in its network).",Hcl Software,Hcl Bigfix Webui Software Distribution,4.9,MEDIUM,0.0006699999794363976,false,false,false,false,,false,false,2023-07-18T20:15:00.000Z,0
CVE-2023-28021,https://securityvulnerability.io/vulnerability/CVE-2023-28021,"BigFix WebUI is vulnerable to use of a risky cryptographic algorithm","The BigFix WebUI uses weak cipher suites.",Hcl Software,Hcl Bigfix Webui,5.9,MEDIUM,0.001449999981559813,false,false,false,false,,false,false,2023-07-18T19:15:00.000Z,0
CVE-2023-28020,https://securityvulnerability.io/vulnerability/CVE-2023-28020,URL redirection affects BigFix WebUI,"URL redirection in the login page of HCL BigFix WebUI allows a malicious user to redirect the client browser to an external site via the redirect URL response header.",Hcl Software,Hcl Bigfix Webui,4.7,MEDIUM,0.000699999975040555,false,false,false,false,,false,false,2023-07-18T19:15:00.000Z,0
CVE-2023-28019,https://securityvulnerability.io/vulnerability/CVE-2023-28019,An SQL injection affects BigFix WebUI API,"Insufficient validation in the BigFix WebUI API App site version < 14 allows an authenticated WebUI user to issue SQL queries via an unparameterized SQL query.",Hcl Software,Hcl Bigfix Webui Api,5.5,MEDIUM,0.0009299999801442027,false,false,false,false,,false,false,2023-07-18T18:15:00.000Z,0
CVE-2023-23344,https://securityvulnerability.io/vulnerability/CVE-2023-23344,HCL BigFix WebUI Insights is susceptible to a lack of sufficient authorization,"A permission issue in BigFix WebUI Insights site version 14 allows an authenticated, unprivileged operator to access an administrator page.",Hcl Software,Hcl Bigfix Webui Insights,6.5,MEDIUM,0.0005699999746866524,false,false,false,false,,false,false,2023-06-23T06:15:00.000Z,0
CVE-2023-28006,https://securityvulnerability.io/vulnerability/CVE-2023-28006,HCL BigFix OSD Bare Metal Server is affected by a weak cryptographic algorithm.,"The HCL Bare Metal Server utilizes a cryptographic algorithm that has been deemed insufficiently secure, potentially exposing data to unauthorized access and compromising the integrity of communications. This weakness may allow attackers to exploit the system by leveraging the outdated cryptographic methods used, which can result in significant security risks for organizations relying on this infrastructure.",Hcl Software,Hcl Bigfix Osd Bare Metal Server,7,HIGH,0.0004400000034365803,false,false,false,false,,false,false,2023-06-22T23:15:00.000Z,0
CVE-2023-28016,https://securityvulnerability.io/vulnerability/CVE-2023-28016,HCL BigFix OSD Bare Metal Server is affected by a host header injection vulnerability,"A Host Header Injection vulnerability in HCL BigFix OSD Bare Metal Server version 311.12 or lower allows an attacker to supply invalid input that causes the OSD Bare Metal Server to redirect to an attacker-controlled domain.",Hcl Software,Hcl Bigfix Osd Bare Metal Server,3.1,LOW,0.0005600000149570405,false,false,false,false,,false,false,2023-06-22T23:15:00.000Z,0
CVE-2023-23343,https://securityvulnerability.io/vulnerability/CVE-2023-23343,HCL BigFix OSD Bare Metal Server version 311.12 or lower is affected by a clickjacking vulnerability.,"A clickjacking vulnerability in HCL BigFix OSD Bare Metal Server version 311.12 or lower allows an attacker to use transparent or opaque layers to trick a user into clicking a button or link on another page, performing a redirect to an attacker-controlled domain.",Hcl Software,Hcl Bigfix Osd Bare Metal Server,2.4,LOW,0.0005600000149570405,false,false,false,false,,false,false,2023-06-22T22:15:00.000Z,0
CVE-2022-27545,https://securityvulnerability.io/vulnerability/CVE-2022-27545,HCL BigFix Web Reports authorized users may perform HTML injection.,BigFix Web Reports authorized users may perform HTML injection on the email administrative configuration page.,Hcl Software,Hcl Bigfix,4.6,MEDIUM,0.000539999979082495,false,false,false,false,,false,false,2022-07-19T16:15:00.000Z,0
CVE-2022-27544,https://securityvulnerability.io/vulnerability/CVE-2022-27544,"HCL BigFix Web Reports authorized users may see sensitive information in clear text",BigFix Web Reports authorized users may see SMTP credentials in clear text.,Hcl Software,Hcl Bigfix,5,MEDIUM,0.0006500000017695129,false,false,false,false,,false,false,2022-07-19T16:15:00.000Z,0
CVE-2021-27781,https://securityvulnerability.io/vulnerability/CVE-2021-27781,"HCL BigFix Mobile / Modern Client Management is vulnerable to stored cross-site scripting",The Master operator may be able to embed a script tag in HTML with an alert pop-up displaying a cookie.,Hcl Software,Hcl Bigfix Mobile / Modern Client Management,6.6,MEDIUM,0.000539999979082495,false,false,false,false,,false,false,2022-05-27T17:15:00.000Z,0
CVE-2021-27780,https://securityvulnerability.io/vulnerability/CVE-2021-27780,"HCL BigFix Mobile / Modern Client Management is vulnerable to unauthenticated XML interaction",The software may be vulnerable to both unauthenticated XML interaction and unauthenticated device enrollment.,Hcl Software,Hcl Bigfix Mobile / Modern Client Management,5.3,MEDIUM,0.0007300000288523734,false,false,false,false,,false,false,2022-05-27T17:15:00.000Z,0
CVE-2021-27783,https://securityvulnerability.io/vulnerability/CVE-2021-27783,"HCL BigFix Mobile / Modern Client Management is vulnerable to sensitive information exposure",A user-generated PPKG file for Bulk Enroll may have unencrypted sensitive information exposed.,Hcl Software,Hcl Bigfix Mobile / Modern Client Management,6.8,MEDIUM,0.0006500000017695129,false,false,false,false,,false,false,2022-05-25T17:15:00.000Z,0
CVE-2021-27758,https://securityvulnerability.io/vulnerability/CVE-2021-27758,,"There is a security vulnerability in the login form related to Cross-site Request Forgery: an attacker who spams login attempts causes the system to block the victim's account, which prevents the user from logging in.",Hcl Software,Hcl Bigfix Inventory,4.3,MEDIUM,0.0005300000193528831,false,false,false,false,,false,false,2022-05-06T18:15:00.000Z,0
CVE-2021-27759,https://securityvulnerability.io/vulnerability/CVE-2021-27759,,"This vulnerability arises because the application allows the user to perform some sensitive action without verifying that the request was sent intentionally. An attacker can cause a victim's browser to emit an HTTP request to an arbitrary URL in the application.",Hcl Software,Hcl Bigfix Inventory,2.3,LOW,0.0005300000193528831,false,false,false,false,,false,false,2022-05-06T18:15:00.000Z,0
CVE-2021-27764,https://securityvulnerability.io/vulnerability/CVE-2021-27764,HCL BigFix WebUI Cookie missing attributes,Cookie without HTTPONLY flag set. NUMBER cookie(s) was set without Secure or HTTPOnly flags. The images show the cookie with the missing flag. (WebUI),Hcl Software,Hcl Bigfix Webui,7.4,HIGH,0.0015200000489130616,false,false,false,false,,false,false,2022-05-06T18:15:00.000Z,0
CVE-2020-14248,https://securityvulnerability.io/vulnerability/CVE-2020-14248,,"BigFix Inventory up to v10.0.2 does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.",HCL Software,Hcl Bigfix Inventory,5.3,MEDIUM,0.0015399999683722854,false,false,false,false,,false,false,2020-12-16T14:11:34.000Z,0