VYPR

Bigfix Webui Reports

by HCLTech

CVEs (7)

  • CVE-2025-15633 | Med | May 9, 2026
    risk 0.42 | cvss 6.5 | epss 0.00

    An improper authorization vulnerability in HCL BigFix WebUI allows an authenticated user without Master Operator privileges to access internal data (site names, versions, and configuration variables) and bypass privilege requirements via unprotected endpoints lacking adequate…

  • CVE-2025-15634 | Med | May 9, 2026
    risk 0.28 | cvss 4.3 | epss 0.00

    A missing authorization vulnerability in HCL BigFix WebUI allows an authenticated user without proper permissions to view sensitive environmental information via direct URL access to the unauthorized page.

  • CVE-2024-42193 | Apr 15, 2025
    risk 0.00 | cvss | epss 0.00

    HCL BigFix Web Reports' service communicates over HTTPS but exhibits a weakness in its handling of SSL certificate validation. This scenario presents a possibility of man-in-the-middle (MITM) attacks and data exposure as, if exploited, this vulnerability could potentially lead…

  • CVE-2024-42189 | Apr 15, 2025
    risk 0.00 | cvss | epss 0.00

    HCL BigFix Web Reports might be subject to a Denial of Service (DoS) attack, due to a potentially weak validation of an API parameter.

  • CVE-2024-42200 | Apr 15, 2025
    risk 0.00 | cvss | epss 0.00

    HCL BigFix Web Reports might be subject to a Stored Cross-Site Scripting (XSS) attack, due to a potentially weak validation of user input.

  • CVE-2022-27545 | Jul 19, 2022
    risk 0.00 | cvss | epss 0.00

    BigFix Web Reports authorized users may perform HTML injection for the email administrative configuration page.

  • CVE-2022-27544 | Jul 19, 2022
    risk 0.00 | cvss | epss 0.00

    BigFix Web Reports authorized users may see SMTP credentials in clear text.