Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Hcltech Subscribe
Filtered by product Bigfix Webui Query
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2025-15633 1 Hcltech 21 Bigfix Webui Api, Bigfix Webui Application Administration, Bigfix Webui Cmep and 18 more 2026-05-14 N/A 6.5 MEDIUM
An improper authorization vulnerability in HCL BigFix WebUI allows an authenticated user without Master Operator privileges to access internal data (site names, versions, and configuration variables) and bypass privilege requirements via unprotected endpoints lacking adequate security headers.
CVE-2025-15634 1 Hcltech 21 Bigfix Webui Api, Bigfix Webui Application Administration, Bigfix Webui Cmep and 18 more 2026-05-14 N/A 4.3 MEDIUM
A missing authorization vulnerability in HCL BigFix WebUI allows an authenticated user without proper permissions to view sensitive environmental information via direct URL access to the unauthorized page.