Home
Bugtraq
Full List
Only Bugs
Only Tricks
Only Exploits
Only Dorks
Only CVE
Only CWE
Fake Notes
Ranking
CVEMAP
Full List
Show Vendors
Show Products
CWE Dictionary
Check CVE Id
Check CWE Id
Search
Bugtraq
CVEMAP
By author
CVE Id
CWE Id
By vendors
By products
RSS
Bugtraq
CVEMAP
CVE Products
Bugs
Exploits
Dorks
More
cIFrex
Facebook
Twitter
Donate
About
Submit
Vulnerabilities for
'Bigfix platform'
2020-12-16
CVE-2020-14254
CWE-311
TLS-RSA cipher suites are not disabled in HCL BigFix Inventory up to v10.0.2. If TLS 2.0 and secure ciphers are not enabled then an attacker can passively record traffic and later decrypt it.
CVE-2020-14248
CWE-319
BigFix Inventory up to v10.0.2 does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.
2020-07-16
CVE-2020-4095
CWE-522
"BigFix Platform is storing clear text credentials within the system's memory. An attacker who is able to gain administrative privileges can use a program to create a memory dump and extract the credentials. These credentials can be used to pivot further into the environment. The principle of least privilege should be applied to all BigFix deployments, limiting administrative access."
>>>
Vendor:
Hcltech
21
Products
Legacy ivr firmware
Appscan source
Appscan
Self-service application
Connections
Hcl nomad
Hcl digital experience
Marketing campaign
Bigfix webui
Bigfix platform
Digital experience
Hcl domino
Domino
Notes
Hcl inotes
Traveler companion
Hcl sametime
Bigfix insights
Bigfix compliance
Traveler
Onetest server
Copyright
2024
, cxsecurity.com
Back to Top
Vulnerabilities for 'Bigfix platform' 