HCL BigFix is an endpoint management platform that has the capability to automate discovery, management, and remediation.
It can find and fix vulnerabilities on endpoints, whether it be on-premises, cloud, or virtual environments, regardless of the operating system, location, or connectivity.
Recent reports from HCL states that a redirect flaw in the login page allowed threat actors to redirect the client browser to external sites.
CVE-2023-28020: URL redirection in the Login page in HCL BigFix WebUI
This flaw exists in the login page of HCL BigFix WebUI, which allows an attacker to redirect the client browser to an external site via a redirect URL response header.
The severity of this vulnerability is given as 4.3 (medium).
HCL has released security patches for fixing this vulnerability along with several other vulnerabilities discovered by external researchers.
Other vulnerability patches
Several other vulnerabilities related to HCL BigFix that are patched, include
- Prototype Pollution on SheetJS Community Edition before 0.19.3
- SSRF Bypass on Node.js
- Uncaught Exception triggers the killing of Node.js process
- An uncaught Exception in socket.io kills the Node.js process
- Authenticated users can do SQL queries via unparameterized SQL query
- Weak Cipher Suites
- Cross-Site Request Forgery allows access to server-side files
Affected Products and Fixed versions
| WebUI Site Name | Fixed in Version |
| Application Administration | 31 |
| Common | 79 |
| Custom | 42 |
| Insights | 19 |
| Patch | 40 |
| IVR | 7 |
| Patch Policies | 36 |
| Profile Management | 24 |
| Query | 34 |
| Software Distribution | 46 |
| WebUI API | 17 |
| WebUI Content App | 20 |
| WebUI CMEP | 13 |
| WebUI Data Sync | 24 |
| WebUI Framework | 26 |
| WebUI MDM | 18 |
| WebUI Permissions and Preferences | 19 |
| WebUI Reports | 15 |
| WebUI Take Action | 27 |
| WebUI SCM | 9 |
| WebUI Extensions | 5 |
Users of these products are recommended to upgrade to the latest version to prevent threat actors.