BigFix Mobile
by HCL Software
CVEs (5)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-28014 | | Med | 0.43 | 6.6 | 0.00 | | Jul 27, 2023 | HCL BigFix Mobile is vulnerable to a cross-site scripting attack. An authenticated attacker could inject malicious scripts into the application. |
| CVE-2023-28012 | | Med | 0.35 | 5.4 | 0.01 | | Jul 27, 2023 | HCL BigFix Mobile is vulnerable to a command injection attack. An authenticated attacker could run arbitrary shell commands on the WebUI server. |
| CVE-2021-27782 | | Med | 0.35 | 5.4 | 0.00 | | Jan 20, 2023 | HCL BigFix Mobile / Modern Client Management Admin and Config UI passwords can be brute-forced. User should be locked out for multiple invalid attempts. |
| CVE-2025-0277 | | | 0.00 | — | 0.00 | | Oct 16, 2025 | HCL BigFix Mobile 3.3 and earlier are vulnerable to certain insecure directives within the Content Security Policy (CSP). An attacker could trick users into performing actions by not properly restricting the sources of scripts and other content. |
| CVE-2025-0275 | | | 0.00 | — | 0.00 | | Oct 16, 2025 | HCL BigFix Mobile 3.3 and earlier is affected by improper access control. Unauthorized users can access a small subset of endpoint actions, potentially allowing access to select internal functions. |