Hcltech Bigfix_mobile

10 CVEs affecting Hcltech Bigfix_mobile. Latest disclosed: 2025-10-16. Critical: 0, High: 0.

Top CVEs affecting Hcltech Bigfix_mobile
| CVE | Severity | Score | Published | Summary |
| --- | --- | --- | --- | --- |
| CVE-2021-27783 | Medium | 6.8 | 2022-05-25 | User generated PPKG file for Bulk Enroll may have unencrypted sensitive information exposed. |
| CVE-2023-28014 | Medium | 6.6 | 2023-07-27 | HCL BigFix Mobile is vulnerable to a cross-site scripting attack. An authenticated attacker could inject malicious scripts into the application. |
| CVE-2021-27781 | Medium | 6.6 | 2022-05-27 | The Master operator may be able to embed script tag in HTML with alert pop-up display cookie. |
| CVE-2025-0277 | Medium | 6.5 | 2025-10-16 | HCL BigFix Mobile 3.3 and earlier are vulnerable to certain insecure directives within the Content Security Policy (CSP). An attacker could trick users into p… |
| CVE-2025-0276 | Medium | 6.5 | 2025-10-16 | HCL BigFix Modern Client Management (MCM) 3.3 and earlier are vulnerable to certain insecure directives within the Content Security Policy (CSP). An attacker… |
| CVE-2023-28012 | Medium | 5.4 | 2023-07-27 | HCL BigFix Mobile is vulnerable to a command injection attack. An authenticated attacker could run arbitrary shell commands on the WebUI server. |
| CVE-2021-27782 | Medium | 5.4 | 2023-01-20 | HCL BigFix Mobile / Modern Client Management Admin and Config UI passwords can be brute-forced. User should be locked out for multiple invalid attempts. |
| CVE-2025-0275 | Medium | 5.3 | 2025-10-16 | HCL BigFix Mobile 3.3 and earlier is affected by improper access control. Unauthorized users can access a small subset of endpoint actions, potentially allowi… |
| CVE-2025-0274 | Medium | 5.3 | 2025-10-16 | HCL BigFix Modern Client Management (MCM) 3.3 and earlier is affected by improper access control. Unauthorized users can access a small subset of endpoint act… |
| CVE-2021-27780 | Medium | 5.3 | 2022-05-27 | The software may be vulnerable to both Un-Auth XML interaction and unauthenticated device enrollment. |