Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
HCL BigFix SaaS Authentication Service is affected by a Cross-Site Scripting (XSS) vulnerability. The image upload functionality inadequately validated the submitted image format.
HCL BigFix Web Reports might be subject to a Stored Cross-Site Scripting (XSS) attack, due to a potentially weak validation of user input.
HCL BigFix Compliance is affected by an improper or missing SameSite attribute. This can lead to Cross-Site Request Forgery (CSRF) attacks, where a malicious site could trick a user's browser into ma
The BigFix SaaS's HTTP responses were missing some security headers. The absence of these headers weakens the application's client-side security posture, making it more vulnerable to common web attack
HCL BigFix Web Reports' service communicates over HTTPS but exhibits a weakness in its handling of SSL certificate validation. This scenario presents a possibility of man-in-the-middle (MITM) attacks
HCL BigFix Service Management (SM) is affected by a security misconfiguration vulnerability due to CSP header. This could allow attackers to inject malicious scripts increasing the risk of cross-site
HCL BigFix Service Management (SM) is affected by an Information Disclosure – Server Banner issue was identified. Exposed server banners may reveal software versions and system details, potentially ai
HCL BigFix Platform is affected by insufficient authentication.  The application might allow users to access sensitive areas of the application without proper authentication.
The HCL BigFix SCM Reporting site contains an outdated and unsupported version of the jQuery 1.x library. Since jQuery 1.x has reached end-of-life and no longer receives security updates, it may expos
HCL BigFix Service Management (SM) is affected by a security misconfiguration due to a missing or insecure “X-Content-Type-Options” header. This could allow browsers to perform MIME-type sniffing, po
HCL BigFix Service Management (SM) is affected by a security misconfiguration due to a missing or insecure “X-Content-Type-Options” header. This could allow browsers to perform MIME-type sniffing, po
HHCL BigFix Service Management (SM) is affected by a Cross‑Site Request Forgery (CSRF) vulnerability. This could lead to unauthorized changes or exposure of sensitive data.
A File Upload Validation Bypass vulnerability has been identified in the HCL BigFix SM, where the application fails to properly enforce file type restrictions during the upload process. An attacker ma
HCL BigFix SM is affected by a Sensitive Information Exposure vulnerability where internal connections do not use TLS encryption which could allow an attacker unauthorized access to sensitive data tra
CVE-2025-31973
CRITICAL CVSS 9.8
Find Similar
HCL BigFix Service Management (SM) is susceptible to a Configuration – 'Insecure Use of Base Image Version'. Using outdated or insecure base images may introduce known vulnerabilities, potentially in
HCL BigFix Compliance is affected by a missing X-Frame-Options HTTP header which can allow an attacker to create a malicious website that embeds the target website in a frame or iframe, tricking users
HCL BigFix Service Management (SM) does not adequately sanitize or safely render spreadsheet files (CSV, XLS, XLSX) before processing or distributing them. An attacker could populate data fields which
HCL BigFix Service Management (SM) is vulnerable to insufficiently protected credentials for a short duration while communicating with a backend, internal application which could allow an attacker to
HCL BigFix Cloud Lifecycle Management is affected by lack of input validation.  This low-level flaw allows unauthorized access and may lead to information exposure.
HCL BigFix Web Reports might be subject to a Denial of Service (DoS) attack, due to a potentially weak validation of an API parameter.
Page 1+ Next →