Show filters
6 Total Results
Displaying 1-6 of 6
Sort by:
Attacker Value
Unknown

CVE-2023-28014

Disclosure Date: July 27, 2023 (last updated October 08, 2023)
HCL BigFix Mobile is vulnerable to a cross-site scripting attack. An authenticated attacker could inject malicious scripts into the application.
Attack Vector: NetworkPrivileges: LowUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2023-28012

Disclosure Date: July 27, 2023 (last updated October 08, 2023)
HCL BigFix Mobile is vulnerable to a command injection attack. An authenticated attacker could run arbitrary shell commands on the WebUI server.
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2021-27782

Disclosure Date: January 20, 2023 (last updated November 08, 2023)
HCL BigFix Mobile / Modern Client Management Admin and Config UI passwords can be brute-forced. User should be locked out for multiple invalid attempts.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2021-27783

Disclosure Date: May 19, 2022 (last updated February 23, 2025)
User generated PPKG file for Bulk Enroll may have unencrypted sensitive information exposed.
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2021-27780

Disclosure Date: May 09, 2022 (last updated February 23, 2025)
The software may be vulnerable to both Un-Auth XML interaction and unauthenticated device enrollment.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2021-27781

Disclosure Date: May 09, 2022 (last updated February 23, 2025)
The Master operator may be able to embed script tag in HTML with alert pop-up display cookie.
Attack Vector: NetworkPrivileges: HighUser Interaction: Required
0
0