HCL BigFix
by HCL Software
CVEs (7)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-27777 | | Hig | 0.49 | 7.5 | 0.01 | | May 12, 2022 | XML External Entity (XXE) injection vulnerabilities occur when poorly configured XML parsers process user supplied input without sufficient validation. Attackers can exploit this vulnerability to manipulate XML content and inject malicious external entity references. |
| CVE-2020-4099 | | Med | 0.38 | 5.9 | 0.00 | | Nov 1, 2022 | The application was signed using a key length less than or equal to 1024 bits, making it potentially vulnerable to forged digital signatures. An attacker could forge the same digital signature of the app after maliciously modifying the app. |
| CVE-2021-27780 | | Med | 0.35 | 5.3 | 0.01 | | May 27, 2022 | The software may be vulnerable to both Un-Auth XML interaction and unauthenticated device enrollment. |
| CVE-2021-27769 | | Med | 0.35 | 5.3 | 0.01 | | May 12, 2022 | Information leakage occurs when a website reveals information that could aid an attacker to further exploit the system. This information may or may not be sensitive and does not automatically mean a breach is likely to occur. Overall, any information that could be used for an… |
| CVE-2021-27762 | | Med | 0.31 | 4.7 | 0.01 | | May 6, 2022 | Misconfigured security-related HTTP headers: Several security-related headers were missing or mis-configured on the web responses |
| CVE-2021-27761 | | Med | 0.31 | 4.8 | 0.00 | | May 6, 2022 | Weak web transport security (Weak TLS): An attacker may be able to decrypt the data using attacks |
| CVE-2021-27759 | | Low | 0.15 | 2.3 | 0.00 | | May 6, 2022 | This vulnerability arises because the application allows the user to perform some sensitive action without verifying that the request was sent intentionally. An attacker can cause a victim's browser to emit an HTTP request to an arbitrary URL in the application. |