Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Bigfix_mobile
(Hcltech)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 6 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2022-05-25 | CVE-2021-27783 | User generated PPKG file for Bulk Enroll may have unencrypted sensitive information exposed. | Bigfix_mobile, Bigfix_modern_client_management | 6.5 | ||
| 2022-05-27 | CVE-2021-27780 | The software may be vulnerable to both Un-Auth XML interaction and unauthenticated device enrollment. | Bigfix_mobile, Modern_client_management | 5.3 | ||
| 2022-05-27 | CVE-2021-27781 | The Master operator may be able to embed script tag in HTML with alert pop-up display cookie. | Bigfix_mobile, Modern_client_management | 4.8 | ||
| 2023-01-20 | CVE-2021-27782 | HCL BigFix Mobile / Modern Client Management Admin and Config UI passwords can be brute-forced. User should be locked out for multiple invalid attempts. | Bigfix_mobile | 7.5 | ||
| 2023-07-27 | CVE-2023-28012 | HCL BigFix Mobile is vulnerable to a command injection attack. An authenticated attacker could run arbitrary shell commands on the WebUI server. | Bigfix_mobile | 8.8 | ||
| 2023-07-27 | CVE-2023-28014 | HCL BigFix Mobile is vulnerable to a cross-site scripting attack. An authenticated attacker could inject malicious scripts into the application. | Bigfix_mobile | 5.4 |