HCL BigFix Compliance is affected by an improper or missing SameSite attribute. This can lead to Cross-Site Request Forgery (CSRF) attacks, where a malicious site could trick a user's browser into making unintended requests using authenticated sessions.
oryginał ENCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:NHcltech Bigfix Compliance
APPHcltech2.0.12
Powiązane podatności
"TLS-RSA cipher suites are not disabled in BigFix Compliance up to v2.0.5. If TLS 2.0 and secure ciphers are n...
A sensitive information disclosure in HCL BigFix Compliance allows a remote attacker to access files under the...
HCL BigFix Compliance is affected by inclusion of temporary files left in the production environment. An atta...
HCL BigFix Compliance is affected by unvalidated redirects and forwards. The HOST header can be manipulated b...
HCL BigFix Compliance is vulnerable to the generation of error messages containing sensitive information. Det...