CVE-2023-28012
MEDIUMHCL BigFix Mobile - Authenticated Command Injection
Title source: llmDescription
HCL BigFix Mobile is vulnerable to a command injection attack. An authenticated attacker could run arbitrary shell commands on the WebUI server.
References (1)
Core 1
Core References
Scores
CVSS v3
5.4
EPSS
0.0048
EPSS Percentile
65.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-77
Status
published
Products (1)
hcltech/bigfix_mobile
3.0
Published
Jul 27, 2023
Tracked Since
Feb 18, 2026