BigFix Modern Client Management (MCM)

by HCL Software

CVEs (6)

  • CVE-2021-27783 | Med | May 25, 2022
    risk 0.44 | cvss 6.8 | epss 0.00

    A user-generated PPKG file for Bulk Enroll may expose unencrypted sensitive information.

  • CVE-2023-28025 | Med | Dec 21, 2023
    risk 0.43 | cvss 6.6 | epss 0.00

    Due to this vulnerability, the Master operator could potentially incorporate an SVG tag into HTML, leading to an alert pop-up displaying a cookie. To mitigate stored XSS vulnerabilities, a preventive measure involves thoroughly sanitizing and validating all user inputs before…

  • CVE-2021-27781 | Med | May 27, 2022
    risk 0.43 | cvss 6.6 | epss 0.00

    The Master operator may be able to embed a script tag in HTML that displays a cookie in an alert pop-up.

  • CVE-2021-27780 | Med | May 27, 2022
    risk 0.35 | cvss 5.3 | epss 0.01

    The software may be vulnerable to both unauthenticated XML interaction and unauthenticated device enrollment.

  • CVE-2025-0276 | Oct 16, 2025
    risk 0.00 | cvss | epss 0.00

    HCL BigFix Modern Client Management (MCM) 3.3 and earlier are vulnerable to certain insecure directives within the Content Security Policy (CSP). Because the sources of scripts and other content are not properly restricted, an attacker could trick users into performing actions.

  • CVE-2025-0274 | Oct 16, 2025
    risk 0.00 | cvss | epss 0.00

    HCL BigFix Modern Client Management (MCM) 3.3 and earlier is affected by improper access control. Unauthorized users can access a small subset of endpoint actions, potentially allowing access to select internal functions.