Total
3 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-15633 | 1 Hcltech | 21 Bigfix Webui Api, Bigfix Webui Application Administration, Bigfix Webui Cmep and 18 more | 2026-05-14 | N/A | 6.5 MEDIUM |
| An improper authorization vulnerability in HCL BigFix WebUI allows an authenticated user without Master Operator privileges to access internal data (site names, versions, and configuration variables) and bypass privilege requirements via unprotected endpoints lacking adequate security headers. | |||||
| CVE-2025-15634 | 1 Hcltech | 21 Bigfix Webui Api, Bigfix Webui Application Administration, Bigfix Webui Cmep and 18 more | 2026-05-14 | N/A | 4.3 MEDIUM |
| A missing authorization vulnerability in HCL BigFix WebUI allows an authenticated user without proper permissions to view sensitive environmental information via direct URL access to the unauthorized page. | |||||
| CVE-2023-23344 | 1 Hcltech | 1 Bigfix Webui Insights | 2024-11-21 | N/A | 3.0 LOW |
| A permission issue in BigFix WebUI Insights site version 14 allows an authenticated, unprivileged operator to access an administrator page. | |||||