BigFix Compliance
by HCL Software
CVEs (6)
| CVE | Severity | Risk | CVSS | EPSS | CISA KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-37525 | | 0.00 | — | 0.00 | | Jan 28, 2026 | A sensitive information disclosure in HCL BigFix Compliance allows a remote attacker to access files under the WEB-INF directory, which may contain Java class files and configuration information, leading to unauthorized access to application internals. |
| CVE-2024-30142 | | 0.00 | — | 0.00 | | Nov 7, 2024 | HCL BigFix Compliance is affected by a missing Secure flag on a cookie. If the Secure flag is not set, cookies may be stolen by an attacker using XSS or transferred over an unencrypted channel, resulting in unauthorized access. |
| CVE-2024-30141 | | 0.00 | — | 0.00 | | Nov 7, 2024 | HCL BigFix Compliance is vulnerable to the generation of error messages containing sensitive information. Detailed error messages can give an attacker enticing information or expose details about the environment, users, or associated data. |
| CVE-2024-30140 | | 0.00 | — | 0.00 | | Nov 7, 2024 | HCL BigFix Compliance is affected by unvalidated redirects and forwards. An attacker can manipulate the Host header and, as a result, poison the web cache so that the manipulated response is served back to other users of the page. |
| CVE-2024-30126 | | 0.00 | — | 0.01 | | Jul 18, 2024 | HCL BigFix Compliance is affected by a missing X-Frame-Options HTTP header, which allows an attacker to create a malicious website that embeds the target website in a frame or iframe (clickjacking), tricking users into performing actions on the target website without their knowledge. |
| CVE-2024-30125 | | 0.00 | — | 0.00 | | Jul 18, 2024 | The HCL BigFix Compliance server can respond with an HTTP status of 500, indicating a server-side error that may cause the server process to die. |
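The six entries above fall into five weakness classes that can be checked from captured HTTP responses: a served /WEB-INF/ path, a session cookie without Secure (note that Secure only keeps the cookie off cleartext connections; HttpOnly is the attribute that keeps it out of reach of script, so the check looks for both), no anti-framing header, an attacker-chosen Host header reflected into a redirect, and a 5xx response carrying a stack trace. The Python script below is an added example written for this page, not code from HCL Software or from this site. It parses raw HTTP responses and applies one check per class. The sample responses, the hostnames compliance.corp.example and evil.example, and the path /WEB-INF/web.xml are all constructed for the example; nothing in it is captured from or specific to BigFix Compliance, and a 200 on /WEB-INF/web.xml is only the generic symptom of that weakness class, not a claimed endpoint of the product. The Host check goes one step beyond the table's text by also flagging whether the reflected response is cacheable, since that is what turns reflection into cache poisoning for other users.

```python
import re

def parse_response(raw):
    """Split a raw HTTP/1.1 response into (status, [(name, value), ...], body)."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    status = int(lines[0].split()[1])
    headers = [tuple(s.strip() for s in ln.split(":", 1))
               for ln in lines[1:] if ":" in ln]
    return status, headers, body

def hdr(headers, name):
    """Every value of a header, case-insensitive (Set-Cookie may repeat)."""
    return [v for n, v in headers if n.lower() == name.lower()]

def check_cookie_flags(resp):
    """CVE-2024-30142 class. Secure keeps the cookie off plain HTTP;
    HttpOnly keeps it out of reach of script such as an XSS payload."""
    _, headers, _ = resp
    out = []
    for sc in hdr(headers, "Set-Cookie"):
        parts = [p.strip() for p in sc.split(";")]
        name = parts[0].split("=", 1)[0]
        attrs = {p.split("=", 1)[0].lower() for p in parts[1:]}
        out += [f"{name}: missing {flag}" for flag in ("Secure", "HttpOnly")
                if flag.lower() not in attrs]
    return out

def check_framing(resp):
    """CVE-2024-30126 class: nothing forbids putting the page in an iframe."""
    _, headers, _ = resp
    csp = " ".join(hdr(headers, "Content-Security-Policy")).lower()
    if not hdr(headers, "X-Frame-Options") and "frame-ancestors" not in csp:
        return ["no X-Frame-Options and no CSP frame-ancestors"]
    return []

def check_host_reflection(resp, sent_host, real_host):
    """CVE-2024-30140 class: the Host value the tester sent comes back in a
    redirect or the body; cacheability is what lets it reach other users."""
    _, headers, body = resp
    out = []
    if sent_host != real_host:
        out += [f"Location reflects Host: {loc}"
                for loc in hdr(headers, "Location") if sent_host in loc]
        if sent_host in body:
            out.append("body reflects Host")
    cc = " ".join(hdr(headers, "Cache-Control")).lower()
    if out and "no-store" not in cc and "private" not in cc:
        out.append(f"cacheable (Cache-Control: {cc or 'absent'}): poisoning possible")
    return out

def check_web_inf(resp, path):
    """CVE-2023-37525 class: anything under /WEB-INF/ must never be served."""
    status, _, body = resp
    if "/web-inf/" in path.lower() and status == 200:
        return [f"{path} served ({len(body)} bytes)"]
    return []

# Java-style stack trace: an exception line followed by an indented "at ..." frame.
STACK = re.compile(r"(Exception|Error)\b[^\n]*\n\s+at\s+[\w.$]+\(")

def check_verbose_error(resp):
    """CVE-2024-30141 / CVE-2024-30125 class: 5xx, worse with a stack trace."""
    status, _, body = resp
    out = [f"server error {status}"] if status >= 500 else []
    if out and STACK.search(body):
        out.append("stack trace in error body")
    return out

# Constructed sample responses for this example; not captured from any real server.
SAMPLES = {
    "login": ("HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
              "Set-Cookie: JSESSIONID=abc123; Path=/\r\n"
              "Set-Cookie: theme=dark; Path=/; Secure; HttpOnly\r\n\r\n<html>login</html>"),
    "redirect": ("HTTP/1.1 302 Found\r\nLocation: https://evil.example/login\r\n"
                 "Cache-Control: public, max-age=600\r\n\r\n"),
    "webinf": ("HTTP/1.1 200 OK\r\nContent-Type: application/xml\r\n\r\n"
               "<web-app><servlet-class>com.example.Admin</servlet-class></web-app>"),
    "error": ("HTTP/1.1 500 Internal Server Error\r\nContent-Type: text/plain\r\n\r\n"
              "java.lang.NullPointerException: reportId\n"
              "\tat com.example.ReportServlet.doGet(ReportServlet.java:88)\n"),
}

def run_checks(samples=SAMPLES, real_host="compliance.corp.example",
               sent_host="evil.example"):
    """Apply each check to the sample it targets; returns {sample: [findings]}."""
    r = {k: parse_response(v) for k, v in samples.items()}
    return {
        "login": check_cookie_flags(r["login"]) + check_framing(r["login"]),
        "redirect": check_host_reflection(r["redirect"], sent_host, real_host),
        "webinf": check_web_inf(r["webinf"], "/WEB-INF/web.xml"),
        "error": check_verbose_error(r["error"]),
    }

if __name__ == "__main__":
    for name, findings in run_checks().items():
        print(f"{name}: {findings or ['clean']}")
```

Run it as-is to see the findings for the constructed samples. Against a real target, feed `parse_response` the raw text of responses you captured yourself; for the Host check that means one request sent with the legitimate Host and one with a value you control, compared by `check_host_reflection`. An empty result only means the headers and body show nothing; it is not proof that a fix is in place.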