Product
hcltech bigfix compliance
13 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2023-37525
all versions
A sensitive information disclosure in HCL BigFix Compliance allows a remote attacker to access files under the WEB-INF directory,
5.3
MEDIUM
CVE-2024-42213
all versions
HCL BigFix Compliance is affected by inclusion of temporary files left in the production environment. An attacker might gain acce
5.3
MEDIUM
CVE-2024-42212
all versions
HCL BigFix Compliance is affected by an improper or missing SameSite attribute. This can lead to Cross-Site Request Forgery (CSRF
5.4
MEDIUM
CVE-2024-30142
all versions
HCL BigFix Compliance is affected by a missing secure flag on a cookie. If a secure flag is not set, cookies may be stolen by an
3.8
LOW
CVE-2024-30141
all versions
HCL BigFix Compliance is vulnerable to the generation of error messages containing sensitive information. Detailed error messages
4.7
MEDIUM
CVE-2024-30140
all versions
HCL BigFix Compliance is affected by unvalidated redirects and forwards. The HOST header can be manipulated by an attacker and as
5.4
MEDIUM
CVE-2024-30126
< 2.0.11
HCL BigFix Compliance is affected by a missing X-Frame-Options HTTP header which can allow an attacker to create a malicious websi
4.7
MEDIUM
CVE-2024-30125
< 2.0.11
HCL BigFix Compliance server can respond with an HTTP status of 500, indicating a server-side error that may cause the server proc
6.2
MEDIUM
CVE-2021-27756
>= 2.0 and < 2.0.6
"TLS-RSA cipher suites are not disabled in BigFix Compliance up to v2.0.5. If TLS 2.0 and secure ciphers are not enabled then an a
7.5
HIGH
CVE-2017-1202
>= 1.7 and <= 1.9.91
IBM BigFix Compliance 1.7 through 1.9.91 (TEMA SUAv1 SCA SCM) is vulnerable to HTML injection. A remote attacker could inject mali
5.4
MEDIUM
CVE-2017-1200
>= 1.7 and <= 1.9.91
IBM BigFix Compliance 1.7 through 1.9.91 (TEMA SUAv1 SCA SCM) does not validate, or incorrectly validates, a certificate. This weak
3.7
LOW
CVE-2017-1198
>= 1.7 and <= 1.9.91
IBM BigFix Compliance 1.7 through 1.9.91 (TEMA SUAv1 SCA SCM) stores sensitive information in URL parameters. This may lead to inf
3.7
LOW
CVE-2017-1177
>= 1.7 and <= 1.9.91
IBM BigFix Compliance 1.7 through 1.9.91 discloses sensitive information to unauthorized users. The information can be used to mou
5.3
MEDIUM
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin