CVE-2021-27762
HCL BigFix Platform is affected by misconfigured security-related HTTP headers
In short
The HCL BigFix Platform web interface sends HTTP responses in which security headers are missing or incorrectly configured. These headers help protect against common web attacks like clickjacking and data injection, so their absence weakens browser-level security protections.
Technical detail
The vulnerability stems from missing or misconfigured HTTP security headers (such as X-Frame-Options, Content-Security-Policy, X-Content-Type-Options) in web responses from the HCL BigFix Platform. Because the browser is never told to enforce these protections, client-side attacks (e.g., clickjacking, MIME-sniffing) become possible against users who interact with the platform in a browser.
Summary generated and translated by AI from the official description.
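As an added example (not code from HCL or from the advisory), the following Python check audits one HTTP response head for the three headers named in the technical detail and reports each as missing or misconfigured. The sample responses, the host portal.example and the rule that a policy must carry default-src or script-src are assumptions made for this illustration.

```python
# Added example; the sample responses below are constructed, not BigFix output.
FRAME_OK = {"DENY", "SAMEORIGIN"}  # ALLOW-FROM is obsolete; current browsers ignore it

def parse_headers(raw):
    """Raw response head -> {lowercased name: [values]}, keeping duplicates."""
    headers = {}
    for line in raw.strip().splitlines()[1:]:  # skip the status line
        if not line.strip():
            break  # a blank line ends the header block
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def csp_directives(values):
    """Collect {directive: [sources]} across all Content-Security-Policy values."""
    found = {}
    for policy in values:
        for directive in policy.split(";"):
            parts = directive.split()
            if parts:
                found.setdefault(parts[0].lower(), []).extend(parts[1:])
    return found

def audit(raw):
    """Return {header: "missing" | "misconfigured"} for the weak headers only."""
    h, findings = parse_headers(raw), {}
    sniff = {v.lower() for v in h.get("x-content-type-options", [])}
    if sniff != {"nosniff"}:  # nosniff is the only defined value
        findings["X-Content-Type-Options"] = "misconfigured" if sniff else "missing"
    csp = csp_directives(h.get("content-security-policy", []))
    if not {"default-src", "script-src"} & csp.keys():  # heuristic for this example
        findings["Content-Security-Policy"] = "misconfigured" if csp else "missing"
    xfo = {v.upper() for v in h.get("x-frame-options", [])}
    if "frame-ancestors" in csp:  # CSP frame-ancestors supersedes X-Frame-Options
        if "*" in csp["frame-ancestors"]:
            findings["X-Frame-Options"] = "misconfigured"
    elif len(xfo) != 1 or not xfo <= FRAME_OK:  # absent, conflicting or invalid
        findings["X-Frame-Options"] = "misconfigured" if xfo else "missing"
    return findings

WEAK = ("HTTP/1.1 200 OK\nContent-Type: text/html\n"
        "X-Frame-Options: ALLOW-FROM https://portal.example\nX-Content-Type-Options: no-sniff\n\n")
HARDENED = ("HTTP/1.1 200 OK\nContent-Security-Policy: default-src 'self'; frame-ancestors 'none'\n"
            "X-Content-Type-Options: nosniff\n\n")

if __name__ == "__main__":
    print(audit(WEAK), audit(HARDENED))
```

Both "missing" and "misconfigured" outcomes matter here, since the official description covers headers that were present but set incorrectly as well as absent ones.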
Misconfigured security-related HTTP headers: Several security-related headers were missing or mis-configured on the web responses
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
Affected products
HCL Software · BigFix Platform