Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
Improper access restrictions in HCL BigFix Remote Control Server WebUI (versions 10.1.0.0248 and lower) allow non-admin users to view unauthorized information on certain web pages.
An improper authorization vulnerability in HCL BigFix WebUI allows an authenticated user without Master Operator privileges to access internal data (site names, versions, and configuration variables)
A missing authorization vulnerability in HCL BigFix WebUI allows an authenticated user without proper permissions to view sensitive environmental information via direct URL access to the unauthorized
An improper handling of insufficient permissions or privileges affects HCL BigFix Inventory. An attacker having access via a read-only account can possibly change certain configuration parameters by
Improper management of Content Security Policy in HCL BigFix Remote Control Lite Web Portal (versions 10.1.0.0326 and lower) may allow the execution of malicious code in web pages.
A misconfigured Content Security Policy (CSP) in HCL BigFix Remote Control Server WebUI (versions 10.1.0.0442 and earlier) fails to define directives without fallbacks, allowing attackers to bypass in
Insufficient session expiration in the Web UI authentication component in HCL BigFix IVR version 4.2 allows an authenticated attacker to gain prolonged unauthorized access to protected API endpoints d
The BigFix WebUI application responds with HOST information from the HTTP header field making it vulnerable to Host Header Poisoning Attacks.
HCL BigFix Mobile 3.3 and earlier is affected by improper access control. Unauthorized users can access a small subset of endpoint actions, potentially allowing access to select internal functions.
HCL BigFix Query is affected by a sensitive information disclosure in the WebUI Query application.  An HTTP GET endpoint request returns discoverable responses that may disclose: group names, active u
A vulnerability in open-webui/open-webui v0.3.8 allows an unauthenticated attacker to sign up with excessively large text in the 'name' field, causing the Admin panel to become unresponsive. This prev
Improper authentication and missing CSRF protection in the local setup interface component in HCL BigFix IVR version 4.2 allows a local attacker to perform unauthorized configuration changes via unaut
A sensitive information disclosure in HCL BigFix Compliance allows a remote attacker to access files under the WEB-INF directory, which may contain Java class files and configuration information, lead
Improper service binding configuration in internal service components in HCL BigFix IVR version 4.2 allows a privileged attacker to impact service availability via exposure of administrative services
HCL BigFix RunBookAI is affected by a Unvalidated Command Input / Potential Command Smuggling vulnerability. A flaw in a component's input handling was identified that could permit unauthorized comman
In version v0.3.8 of open-webui/open-webui, there is an improper access control vulnerability. On the frontend admin page, administrators are intended to view only the chats of non-admin members. Howe
HCL BigFix Service Management (SX) is affected by a Broken Access Control vulnerability leading to privilege escalation. This could allow unauthorized users to gain elevated privileges, bypassing int
An improper access control (CWE-284) vulnerability in FortiWLC version 8.6.0, version 8.5.3 and below, version 8.4.8 and below, version 8.3.3 and below, version 8.2.7 to 8.2.4, version 8.1.3 may allow
HCL BigFix Modern Client Management (MCM) 3.3 and earlier is affected by improper access control. Unauthorized users can access a small subset of endpoint actions, potentially allowing access to sele
HCL BigFix Platform is affected by insecure permissions on private cryptographic keys.  The private cryptographic keys located on a Windows host machine might be subject to overly permissive file syst
Page 1+ Next →