MEDIUM🇵🇱 Wersja polska

CVE-2025-0277

CVSS 6.5v3.1pub. 2025-10-16upd. 2025-10-21

HCL BigFix Mobile 3.3 and earlier are vulnerable to certain insecure directives within the Content Security Policy (CSP). An attacker could trick users into performing actions by not properly restricting the sources of scripts and other content.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
  • Hcltech Bigfix Mobile

    APP
    Hcltech
    ≤ 3.3
  • Hcltech Bigfix Modern Client Management

    APP
    Hcltech
    < 3.4
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
XSS
CWE
References

Related vulnerabilities

CVE-2025-0276MEDIUM6.5ten sam produkt

HCL BigFix Modern Client Management (MCM) 3.3 and earlier are vulnerable to certain insecure directives within...

CVE-2025-0275MEDIUM5.3ten sam produkt

HCL BigFix Mobile 3.3 and earlier is affected by improper access control. Unauthorized users can access a sma...

CVE-2025-0274MEDIUM5.3ten sam produkt

HCL BigFix Modern Client Management (MCM) 3.3 and earlier is affected by improper access control. Unauthorize...

CVE-2023-28025MEDIUM6.6ten sam produkt

Due to this vulnerability, the Master operator could potentially incorporate an SVG tag into HTML, leading to ...

CVE-2023-28014MEDIUM6.6ten sam produkt

HCL BigFix Mobile is vulnerable to a cross-site scripting attack. An authenticated attacker could inject malic...