BigFix WebUI non-master operators are missing controls that prevent them from being able to modify the relevance of fixlets or to deploy fixlets from the BES Support external site.
oryginał ENCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:LHcltech Bigfix Webui
APPHcltech20
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Powiązane podatności
CVE-2021-27764HIGH7.4ten sam produkt
Cookie without HTTPONLY flag set. NUMBER cookie(s) was set without Secure or HTTPOnly flags. The images show t...
CVE-2023-28019MEDIUM5.5ten sam produkt
Insufficient validation in Bigfix WebUI API App site version < 14 allows an authenticated WebUI user to issue ...
CVE-2023-28020MEDIUM4.7ten sam produkt
URL redirection in Login page in HCL BigFix WebUI allows malicious user to redirect the client browser to an ...
CVE-2023-28021MEDIUM5.9ten sam produkt
The BigFix WebUI uses weak cipher suites.
CVE-2023-28023MEDIUM4.9ten sam produkt
A cross site request forgery vulnerability in the BigFix WebUI Software Distribution interface site version 44...