HCL BigFix WebUI
cpe:2.3:a:hcltech:bigfix_webui:*:*:*:*:*:*:*
- < 40
- < 101
- < 50
- < 32
- < 54
- < 23
- < 51
- < 33
- < 45
- < 28
- < 22
- < 37
- < 35
- < 29
- < 27
- < 24
- < 20
- < 14
A vulnerability in HCL BigFix WebUI allows an authenticated user without Master Operator privileges to access internal data, such as site names, versions, and configuration variables. The affected endpoints are unprotected and lack adequate security headers, so requests to them bypass the privilege requirements.
Exploitation of this vulnerability could lead to unauthorized access to sensitive internal data and the ability to bypass established privilege requirements, potentially allowing users to perform actions or access information they should not be entitled to.
Users are advised to upgrade to the latest version of HCL BigFix WebUI. Specific version recommendations can be found in the HCL BigFix WebUI Security Bulletin.