HCL Software HCL BigFix Platform vulnerabilities

5 known vulnerabilities affecting hcl_software/hcl_bigfix_platform.

Total CVEs: 5
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: MEDIUM 4, LOW 1

Vulnerabilities

CVE-2024-42200 | MEDIUM | CVSS 4.8 | v10.0 - 10.0.12; 11.0.0 - 11.0.3 | 2025-04-15
CVE-2024-42200 [MEDIUM] CWE-79: HCL BigFix Web Reports might be subject to a Stored Cross-Site Scripting (XSS) attack, due to a potentially weak validation of user input.
Sources: cvelistv5, nvd

CVE-2024-42189 | MEDIUM | CVSS 5.6 | v10.0 - 10.0.12; 11.0.0 - 11.0.3 | 2025-04-15
CVE-2024-42189 [MEDIUM] CWE-1287: HCL BigFix Web Reports might be subject to a Denial of Service (DoS) attack, due to a potentially weak validation of an API parameter.
Sources: cvelistv5, nvd

CVE-2024-42193 | LOW | CVSS 2.1 | v10.0 - 10.0.12; 11.0.0 - 11.0.3 | 2025-04-15
CVE-2024-42193 [LOW] CWE-295: HCL BigFix Web Reports' service communicates over HTTPS but exhibits a weakness in its handling of SSL certificate validation. This scenario presents a possibility of man-in-the-middle (MITM) attacks and data exposure as, if exploited, this vulnerability could potentially lead to unauthorized access.
Sources: cvelistv5, nvd

CVE-2023-37520 | MEDIUM | CVSS 6.1 | v9.5.x, 10.0.x, 11.0.0 | 2023-12-21
CVE-2023-37520 [MEDIUM] CWE-79: Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability identified in BigFix Server version 9.5.12.68, allowing for potential data exfiltration. This XSS vulnerability is in the Gather Status Report, which is served by the BigFix Relay.
Sources: cvelistv5, nvd

CVE-2023-37519 | MEDIUM | CVSS 6.1 | v9.5.x, 10.0.x | 2023-12-21
CVE-2023-37519 [MEDIUM] CWE-79: Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability. This XSS vulnerability is in the Download Status Report, which is served by the BigFix Server.
Sources: cvelistv5, nvd