HCL BigFix WebUI
cpe:2.3:a:hcltech:bigfix_webui:*:*:*:*:*:*:*
- < 40
- < 101
- < 50
- < 32
- < 54
- < 23
- < 51
- < 33
- < 45
- < 28
- < 22
- < 37
- < 35
- < 29
- < 27
- < 24
- < 20
- < 14
A missing authorization vulnerability exists in HCL BigFix WebUI, specifically in the Framework Application. This vulnerability allows an authenticated user without the necessary permissions to access sensitive environmental information by directly navigating to the unauthorized page via URL. The issue arises from unprotected endpoints that lack adequate security headers, enabling users to bypass privilege requirements and access internal data such as site names, versions, and configuration variables.
Exploitation of this vulnerability could lead to unauthorized access to sensitive environmental information, including internal data, site names, versions, and configuration variables.
Users are advised to upgrade to HCL BigFix WebUI version 35 for the Framework Application. For other WebUI applications, please refer to the specific version details provided in the HCL BigFix WebUI Security Bulletin.