VYPR

HCL BigFix

by HCL Software

CVEs (7)

  • CVE-2021-27777HigMay 12, 2022
    risk 0.49cvss 7.5epss 0.01

    XML External Entity (XXE) injection vulnerabilities occur when poorly configured XML parsers process user supplied input without sufficient validation. Attackers can exploit this vulnerability to manipulate XML content and inject malicious external entity references.

  • CVE-2020-4099MedNov 1, 2022
    risk 0.38cvss 5.9epss 0.00

    The application was signed using a key length less than or equal to 1024 bits, making it potentially vulnerable to forged digital signatures. An attacker could forge the same digital signature of the app after maliciously modifying the app.

  • CVE-2021-27780MedMay 27, 2022
    risk 0.35cvss 5.3epss 0.01

    The software may be vulnerable to both Un-Auth XML interaction and unauthenticated device enrollment.

  • CVE-2021-27769MedMay 12, 2022
    risk 0.35cvss 5.3epss 0.01

    Information leakage occurs when a website reveals information that could aid an attacker to further exploit the system. This information may or may not be sensitive and does not automatically mean a breach is likely to occur. Overall, any information that could be used for an…

  • CVE-2021-27762MedMay 6, 2022
    risk 0.31cvss 4.7epss 0.01

    Misconfigured security-related HTTP headers: Several security-related headers were missing or mis-configured on the web responses

  • CVE-2021-27761MedMay 6, 2022
    risk 0.31cvss 4.8epss 0.00

    Weak web transport security (Weak TLS): An attacker may be able to decrypt the data using attacks

  • CVE-2021-27759LowMay 6, 2022
    risk 0.15cvss 2.3epss 0.00

    This vulnerability arises because the application allows the user to perform some sensitive action without verifying that the request was sent intentionally. An attacker can cause a victim's browser to emit an HTTP request to an arbitrary URL in the application.