Hcltech Bigfix_mobile
10 CVEs affecting Hcltech Bigfix_mobile. Latest disclosed: 2025-10-16. Critical: 0, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2021-27783 | Medium | 6.8 | 2022-05-25 | User generated PPKG file for Bulk Enroll may have unencrypted sensitive information exposed. |
| CVE-2023-28014 | Medium | 6.6 | 2023-07-27 | HCL BigFix Mobile is vulnerable to a cross-site scripting attack. An authenticated attacker could inject malicious scripts into the application. |
| CVE-2021-27781 | Medium | 6.6 | 2022-05-27 | The Master operator may be able to embed script tag in HTML with alert pop-up display cookie. |
| CVE-2025-0277 | Medium | 6.5 | 2025-10-16 | HCL BigFix Mobile 3.3 and earlier are vulnerable to certain insecure directives within the Content Security Policy (CSP). An attacker could trick users into p… |
| CVE-2025-0276 | Medium | 6.5 | 2025-10-16 | HCL BigFix Modern Client Management (MCM) 3.3 and earlier are vulnerable to certain insecure directives within the Content Security Policy (CSP). An attacker… |
| CVE-2023-28012 | Medium | 5.4 | 2023-07-27 | HCL BigFix Mobile is vulnerable to a command injection attack. An authenticated attacker could run arbitrary shell commands on the WebUI server. |
| CVE-2021-27782 | Medium | 5.4 | 2023-01-20 | HCL BigFix Mobile / Modern Client Management Admin and Config UI passwords can be brute-forced. User should be locked out for multiple invalid attempts. |
| CVE-2025-0275 | Medium | 5.3 | 2025-10-16 | HCL BigFix Mobile 3.3 and earlier is affected by improper access control. Unauthorized users can access a small subset of endpoint actions, potentially allowi… |
| CVE-2025-0274 | Medium | 5.3 | 2025-10-16 | HCL BigFix Modern Client Management (MCM) 3.3 and earlier is affected by improper access control. Unauthorized users can access a small subset of endpoint act… |
| CVE-2021-27780 | Medium | 5.3 | 2022-05-27 | The software may be vulnerable to both Un-Auth XML interaction and unauthenticated device enrollment. |