HCL BigFix Mobile Content Security Policy Vulnerability

Vulnerability

A vulnerability exists in HCL BigFix Mobile versions through 3.3, related to insecure directives within the Content Security Policy (CSP). Because the policy does not adequately control the sources of scripts and other content, an attacker could manipulate users into performing unintended actions.

Impact

Exploitation of this vulnerability could lead to unauthorized actions being performed by users, potentially allowing for further exploitation or manipulation within the application.

Remediation

Users are advised to upgrade to HCL BigFix Mobile version 3.4 or higher.

Added: Oct 16, 2025, 9:23 AM
Updated: Oct 16, 2025, 3:58 PM

Vulnerability Rating

Custom Algorithm

spread: 8.1
impact: 1.7
exploitability: 6.0
remediation: 7.7
relevance: 0.7
threat: 0.0
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.