MEDIUM🇬🇧 English

CVE-2022-38655

CVSS 6.4v3.1pub. 2022-12-21upd. 2025-04-16

BigFix WebUI non-master operators are missing controls that prevent them from being able to modify the relevance of fixlets or to deploy fixlets from the BES Support external site.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L
  • Hcltech Bigfix Webui

    APP
    Hcltech
    20
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2021-27764HIGH7.4ten sam produkt

Cookie without HTTPONLY flag set. NUMBER cookie(s) was set without Secure or HTTPOnly flags. The images show t...

CVE-2023-28019MEDIUM5.5ten sam produkt

Insufficient validation in Bigfix WebUI API App site version < 14 allows an authenticated WebUI user to issue ...

CVE-2023-28020MEDIUM4.7ten sam produkt

 URL redirection in Login page in HCL BigFix WebUI allows malicious user to redirect the client browser to an ...

CVE-2023-28021MEDIUM5.9ten sam produkt

The BigFix WebUI uses weak cipher suites.

CVE-2023-28023MEDIUM4.9ten sam produkt

A cross site request forgery vulnerability in the BigFix WebUI Software Distribution interface site version 44...

CVE-2022-38655 — MEDIUM 6.4 | CVEbaza.pl