Hcltech Bigfix_platform
33 CVEs affecting Hcltech Bigfix_platform. Latest disclosed: 2026-04-02. Critical: 0, High: 6.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-21765 | High | 8.8 | 2026-04-02 | HCL BigFix Platform is affected by insecure permissions on private cryptographic keys. The private cryptographic keys located on a Windows host machine might… |
| CVE-2023-37536 | High | 8.2 | 2023-10-11 | An integer overflow in xerces-c++ 3.2.3 in BigFix Platform allows remote attackers to cause out-of-bound access via HTTP request. |
| CVE-2024-42193 | High | 8.1 | 2025-04-15 | HCL BigFix Web Reports' service communicates over HTTPS but exhibits a weakness in its handling of SSL certificate validation. This scenario presents a possibi… |
| CVE-2023-37520 | High | 7.7 | 2023-12-21 | Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability identified in BigFix Server version 9.5.12.68, allowing for potential data exfiltration. This X… |
| CVE-2023-37519 | High | 7.7 | 2023-12-21 | Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability. This XSS vulnerability is in the Download Status Report, which is served by the BigFix Server… |
| CVE-2020-14254 | High | 7.5 | 2020-12-16 | TLS-RSA cipher suites are not disabled in HCL BigFix Inventory up to v10.0.2. If TLS 2.0 and secure ciphers are not enabled then an attacker can passively reco… |
| CVE-2022-42453 | Medium | 6.9 | 2022-12-19 | There are insufficient warnings when a Fixlet is imported by a user. The warning message currently assumes the owner of the script is the logged in user, with… |
| CVE-2024-23583 | Medium | 6.7 | 2024-05-17 | An attacker could potentially intercept credentials via the task manager and perform unauthorized access to the Client Deploy Tool on Windows systems. |
| CVE-2021-27767 | Medium | 6.7 | 2022-05-06 | The BigFix Console installer is created with InstallShield, which was affected by CVE-2021-41526, a vulnerability that could allow a local user to perform a pr… |
| CVE-2021-27766 | Medium | 6.7 | 2022-05-06 | The BigFix Client installer is created with InstallShield, which was affected by CVE-2021-41526, a vulnerability that could allow a local user to perform a pri… |
| CVE-2021-27765 | Medium | 6.7 | 2022-05-06 | The BigFix Server API installer is created with InstallShield, which was affected by CVE-2021-41526, a vulnerability that could allow a local user to perform a… |
| CVE-2024-42189 | Medium | 6.5 | 2025-04-15 | HCL BigFix Web Reports might be subject to a Denial of Service (DoS) attack, due to a potentially weak validation of an API parameter. |
| CVE-2023-37528 | Medium | 6.5 | 2024-02-03 | A cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attack to exploit an application parameter… |
| CVE-2022-38659 | Medium | 6.0 | 2022-12-19 | In specific scenarios, on Windows the operator credentials may be encrypted in a manner that is not completely machine-dependent. |
| CVE-2020-4095 | Medium | 6.0 | 2020-07-16 | BigFix Platform is storing clear text credentials within the system's memory. An attacker who is able to gain administrative privileges can use a program to c… |
| CVE-2024-23556 | Medium | 5.9 | 2024-05-18 | SSL/TLS Renegotiation functionality potentially leading to DoS attack vulnerability. |
| CVE-2024-23554 | Medium | 5.7 | 2024-05-18 | Cross-Site Request Forgery (CSRF) on Session Token vulnerability that could potentially lead to Remote Code Execution (RCE). |
| CVE-2024-42200 | Medium | 5.4 | 2025-04-15 | HCL BigFix Web Reports might be subject to a Stored Cross-Site Scripting (XSS) attack, due to a potentially weak validation of user input. |
| CVE-2023-37527 | Medium | 5.4 | 2024-02-02 | A reflected cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attacker to execute malicious ja… |
| CVE-2020-14248 | Medium | 5.3 | 2020-12-16 | BigFix Inventory up to v10.0.2 does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests… |