Note: This project will be discontinued after December 13, 2021.
Product: Bigfix_platform (Hcltech)

Repositories | Unknown: This might be proprietary software. |
#Vulnerabilities | 23 |

Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2022-05-06 | CVE-2021-27762 | Misconfigured security-related HTTP headers: Several security-related headers were missing or mis-configured on the web responses | Bigfix_platform | 9.8 | ||
2022-05-06 | CVE-2021-27761 | Weak web transport security (Weak TLS): An attacker may be able to decrypt the data using attacks | Bigfix_platform | 7.5 | ||
2022-05-06 | CVE-2021-27765 | The BigFix Server API installer is created with InstallShield, which was affected by CVE-2021-41526, a vulnerability that could allow a local user to perform a privilege escalation. This vulnerability was resolved by updating to an InstallShield version with the underlying vulnerability fixed. | Bigfix_platform | 7.8 | ||
2022-05-06 | CVE-2021-27766 | The BigFix Client installer is created with InstallShield, which was affected by CVE-2021-41526, a vulnerability that could allow a local user to perform a privilege escalation. This vulnerability was resolved by updating to an InstallShield version with the underlying vulnerability fixed. | Bigfix_platform | 7.8 | ||
2022-05-06 | CVE-2021-27767 | The BigFix Console installer is created with InstallShield, which was affected by CVE-2021-41526, a vulnerability that could allow a local user to perform a privilege escalation. This vulnerability was resolved by updating to an InstallShield version with the underlying vulnerability fixed. | Bigfix_platform | 7.8 | ||
2022-07-19 | CVE-2022-27544 | BigFix Web Reports authorized users may see SMTP credentials in clear text. | Bigfix_platform | 6.5 | ||
2022-07-19 | CVE-2022-27545 | BigFix Web Reports authorized users may perform HTML injection for the email administrative configuration page. | Bigfix_platform | 5.4 | ||
2022-12-19 | CVE-2022-38659 | In specific scenarios, on Windows the operator credentials may be encrypted in a manner that is not completely machine-dependent. | Bigfix_platform | 7.8 | ||
2022-12-19 | CVE-2022-42453 | There are insufficient warnings when a Fixlet is imported by a user. The warning message currently assumes the owner of the script is the logged in user, with insufficient warnings when attempting to run the script. | Bigfix_platform | 6.5 | ||
2023-10-11 | CVE-2023-37536 | An integer overflow in xerces-c++ 3.2.3 in BigFix Platform allows remote attackers to cause out-of-bound access via HTTP request. | Xerces-C++, Fedora, Bigfix_platform | 8.8 |