Bigfix Webui Reports
by HCLTech
CVEs (7)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-15633 | | Med | 0.42 | 6.5 | 0.00 | | May 9, 2026 | An improper authorization vulnerability in HCL BigFix WebUI allows an authenticated user without Master Operator privileges to access internal data (site names, versions, and configuration variables) and bypass privilege requirements via unprotected endpoints lacking adequate… |
| CVE-2025-15634 | | Med | 0.28 | 4.3 | 0.00 | | May 9, 2026 | A missing authorization vulnerability in HCL BigFix WebUI allows an authenticated user without proper permissions to view sensitive environmental information via direct URL access to the unauthorized page. |
| CVE-2024-42193 | | | 0.00 | — | 0.00 | | Apr 15, 2025 | HCL BigFix Web Reports' service communicates over HTTPS but exhibits a weakness in its handling of SSL certificate validation. This scenario presents a possibility of man-in-the-middle (MITM) attacks and data exposure as, if exploited, this vulnerability could potentially lead… |
| CVE-2024-42189 | | | 0.00 | — | 0.00 | | Apr 15, 2025 | HCL BigFix Web Reports might be subject to a Denial of Service (DoS) attack, due to a potentially weak validation of an API parameter. |
| CVE-2024-42200 | | | 0.00 | — | 0.00 | | Apr 15, 2025 | HCL BigFix Web Reports might be subject to a Stored Cross-Site Scripting (XSS) attack, due to a potentially weak validation of user input. |
| CVE-2022-27545 | | | 0.00 | — | 0.00 | | Jul 19, 2022 | BigFix Web Reports authorized users may perform HTML injection for the email administrative configuration page. |
| CVE-2022-27544 | | | 0.00 | — | 0.00 | | Jul 19, 2022 | BigFix Web Reports authorized users may see SMTP credentials in clear text. |