Improper management of Content Security Policy in HCL BigFix Remote Control Lite Web Portal (versions 10.1.0.0326 and lower) may allow the execution of malicious code in web pages.
Weakness
The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Hcl_devops_deploy | Hcltechsw | 8.0.0.0 (including) | 8.0.1.11 (excluding) |
| Hcl_devops_deploy | Hcltechsw | 8.1.0 (including) | 8.1.2.4 (excluding) |
| Hcl_launch | Hcltechsw | 7.3.0.0 (including) | 7.3.2.16 (excluding) |
Related Attack Patterns
- https://cwe.mitre.org/data/definitions/1.html
- https://cwe.mitre.org/data/definitions/107.html
- https://cwe.mitre.org/data/definitions/127.html
- https://cwe.mitre.org/data/definitions/17.html
- https://cwe.mitre.org/data/definitions/20.html
- https://cwe.mitre.org/data/definitions/22.html
- https://cwe.mitre.org/data/definitions/237.html
- https://cwe.mitre.org/data/definitions/36.html
- https://cwe.mitre.org/data/definitions/477.html
- https://cwe.mitre.org/data/definitions/480.html
- https://cwe.mitre.org/data/definitions/51.html
- https://cwe.mitre.org/data/definitions/57.html
- https://cwe.mitre.org/data/definitions/59.html
- https://cwe.mitre.org/data/definitions/65.html
- https://cwe.mitre.org/data/definitions/668.html
- https://cwe.mitre.org/data/definitions/74.html
- https://cwe.mitre.org/data/definitions/87.html
References
- https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0127332