CVE-2021-27780

HCL BigFix Mobile / Modern Client Management is vulnerable to unauthenticated XML interaction

CVSS 5.3 MEDIUM | EPSS 0.7% | CWE-112

In short

HCL BigFix Mobile/Modern Client Management allows attackers to send XML commands and enroll devices without needing to log in, potentially compromising device management and control.

Technical detail

The application fails to properly authenticate XML interaction endpoints and device enrollment mechanisms, enabling unauthenticated threat actors to submit malicious XML payloads and register unauthorized devices. This vector bypasses authentication controls and may lead to unauthorized device management, data exfiltration, or lateral movement within the managed environment.

Summary generated and translated by AI from the official description.
The software may be vulnerable to both Un-Auth XML interaction and unauthenticated device enrollment.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
