RSS   Vulnerabilities for 'Bigfix platform'   RSS

2020-12-16
 
CVE-2020-14254

CWE-311
 

 
TLS-RSA cipher suites are not disabled in HCL BigFix Inventory up to v10.0.2. If TLS 2.0 and secure ciphers are not enabled then an attacker can passively record traffic and later decrypt it.

 
 
CVE-2020-14248

CWE-319
 

 
BigFix Inventory up to v10.0.2 does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.

 
2020-07-16
 
CVE-2020-4095

CWE-522
 

 
"BigFix Platform is storing clear text credentials within the system's memory. An attacker who is able to gain administrative privileges can use a program to create a memory dump and extract the credentials. These credentials can be used to pivot further into the environment. The principle of least privilege should be applied to all BigFix deployments, limiting administrative access."

 

 >>> Vendor: Hcltech 21 Products
Domino
Appscan
Connections
Traveler
Bigfix platform
Appscan source
Notes
Legacy ivr firmware
Bigfix compliance
Self-service application
Hcl nomad
Hcl digital experience
Marketing campaign
Bigfix webui
Digital experience
Hcl domino
Hcl inotes
Traveler companion
Hcl sametime
Bigfix insights
Onetest server


Copyright 2024, cxsecurity.com

 

Back to Top