Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-59849

Summary
Assigner-HCL
Assigner Org ID-1e47fe04-f25f-42fa-b674-36de2c5e3cfc
Published At-17 Dec, 2025 | 20:28
Updated At-17 Dec, 2025 | 20:45
Rejected At-
Credits

HCL BigFix Remote Control is vulnerable to an insecure CSP configuration

Improper management of Content Security Policy in HCL BigFix Remote Control Lite Web Portal (versions 10.1.0.0326 and lower) may allow the execution of malicious code in web pages.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:HCL
Assigner Org ID:1e47fe04-f25f-42fa-b674-36de2c5e3cfc
Published At:17 Dec, 2025 | 20:28
Updated At:17 Dec, 2025 | 20:45
Rejected At:
â–¼CVE Numbering Authority (CNA)
HCL BigFix Remote Control is vulnerable to an insecure CSP configuration

Improper management of Content Security Policy in HCL BigFix Remote Control Lite Web Portal (versions 10.1.0.0326 and lower) may allow the execution of malicious code in web pages.

Affected Products
Vendor
HCL Technologies Ltd.HCL Software
Product
BigFix Remote Control
Default Status
unaffected
Versions
Affected
  • <= 10.1.0.0326
Problem Types
TypeCWE IDDescription
CWECWE-1021CWE-1021 Improper Restriction of Rendered UI Layers or Frames
CWECWE-693CWE-693 Protection Mechanism Failure
Type: CWE
CWE ID: CWE-1021
Description: CWE-1021 Improper Restriction of Rendered UI Layers or Frames
Type: CWE
CWE ID: CWE-693
Description: CWE-693 Protection Mechanism Failure
Metrics
VersionBase scoreBase severityVector
3.14.7MEDIUM
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
Version: 3.1
Base score: 4.7
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0127332
N/A
Hyperlink: https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0127332
Resource: N/A
â–¼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@hcl.com
Published At:17 Dec, 2025 | 21:16
Updated At:06 Jan, 2026 | 19:54

Improper management of Content Security Policy in HCL BigFix Remote Control Lite Web Portal (versions 10.1.0.0326 and lower) may allow the execution of malicious code in web pages.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.14.7MEDIUM
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
Primary3.16.1MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Type: Secondary
Version: 3.1
Base score: 4.7
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
Type: Primary
Version: 3.1
Base score: 6.1
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CPE Matches

HCL Technologies Ltd.
hcltechsw
>>hcl_devops_deploy>>Versions from 8.0.0.0(inclusive) to 8.0.1.11(exclusive)
cpe:2.3:a:hcltechsw:hcl_devops_deploy:*:*:*:*:*:*:*:*
HCL Technologies Ltd.
hcltechsw
>>hcl_devops_deploy>>Versions from 8.1.0(inclusive) to 8.1.2.4(exclusive)
cpe:2.3:a:hcltechsw:hcl_devops_deploy:*:*:*:*:*:*:*:*
HCL Technologies Ltd.
hcltechsw
>>hcl_launch>>Versions from 7.3.0.0(inclusive) to 7.3.2.16(exclusive)
cpe:2.3:a:hcltechsw:hcl_launch:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-693Secondarypsirt@hcl.com
CWE-1021Secondarypsirt@hcl.com
CWE ID: CWE-693
Type: Secondary
Source: psirt@hcl.com
CWE ID: CWE-1021
Type: Secondary
Source: psirt@hcl.com
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0127332psirt@hcl.com
Vendor Advisory
Hyperlink: https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0127332
Source: psirt@hcl.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

108Records found

CVE-2020-13174
Matching Score-4
Assigner-HP Inc.
ShareView Details
Matching Score-4
Assigner-HP Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.66% / 47.11%
||
7 Day CHG~0.00%
Published-11 Aug, 2020 | 17:31
Updated-04 Aug, 2024 | 12:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The web server in the Teradici Managament console versions 20.04 and 20.01.1 did not properly set the X-Frame-Options HTTP header, which could allow an attacker to trick a user into clicking a malicious link via clickjacking.

Action-Not Available
Vendor-teradicin/a
Product-pcoip_management_console- Management Console
CWE ID-CWE-1021
Improper Restriction of Rendered UI Layers or Frames
CVE-2020-9444
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.67% / 47.51%
||
7 Day CHG~0.00%
Published-20 Apr, 2020 | 19:49
Updated-04 Aug, 2024 | 10:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Zulip Server before 2.1.3 allows reverse tabnabbing via the Markdown functionality.

Action-Not Available
Vendor-n/aKandra Labs, Inc. (Zulip)
Product-zulip_servern/a
CWE ID-CWE-1021
Improper Restriction of Rendered UI Layers or Frames
CVE-2019-8771
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.98% / 57.99%
||
7 Day CHG-0.01%
Published-27 Oct, 2020 | 19:47
Updated-04 Aug, 2024 | 21:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in Safari 13.0.1, iOS 13. Maliciously crafted web content may violate iframe sandboxing policy.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_ossafariSafariiOS
CWE ID-CWE-1021
Improper Restriction of Rendered UI Layers or Frames
CVE-2019-4217
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-6.1||MEDIUM
EPSS-1.18% / 64.00%
||
7 Day CHG~0.00%
Published-06 Jun, 2019 | 20:45
Updated-17 Sep, 2024 | 03:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, and 1.0.2 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 159226.

Action-Not Available
Vendor-IBM Corporation
Product-security_information_queueSecurity Information Queue
CWE ID-CWE-1021
Improper Restriction of Rendered UI Layers or Frames
CVE-2019-4215
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.90% / 55.19%
||
7 Day CHG~0.00%
Published-22 Nov, 2019 | 15:21
Updated-16 Sep, 2024 | 19:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM SmartCloud Analytics 1.3.1 through 1.3.5 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 159186.

Action-Not Available
Vendor-IBM Corporation
Product-smartcloud_analytics_log_analysisSmartCloud Analytics
CWE ID-CWE-1021
Improper Restriction of Rendered UI Layers or Frames
CVE-2019-4086
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-6.1||MEDIUM
EPSS-1.19% / 64.27%
||
7 Day CHG~0.00%
Published-17 Sep, 2019 | 19:05
Updated-17 Sep, 2024 | 01:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Cloud Application Performance Management 8.1.4 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 157509.

Action-Not Available
Vendor-IBM Corporation
Product-application_performance_managementCloud Application Performance Management
CWE ID-CWE-1021
Improper Restriction of Rendered UI Layers or Frames
CVE-2019-4742
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.90% / 55.19%
||
7 Day CHG~0.00%
Published-20 Dec, 2019 | 16:25
Updated-17 Sep, 2024 | 00:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Financial Transaction Manager 3.0 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 172877.

Action-Not Available
Vendor-IBM Corporation
Product-financial_transaction_manager_for_multiplatformFinancial Transaction Manager
CWE ID-CWE-1021
Improper Restriction of Rendered UI Layers or Frames
CVE-2019-1975
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-6.5||MEDIUM
EPSS-1.21% / 64.59%
||
7 Day CHG~0.00%
Published-18 Sep, 2019 | 16:15
Updated-21 Nov, 2024 | 19:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco HyperFlex Software Cross-Frame Scripting Vulnerability

A vulnerability in the web-based interface of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to execute a cross-frame scripting (XFS) attack on an affected device. This vulnerability is due to insufficient HTML iframe protection. An attacker could exploit this vulnerability by directing a user to an attacker-controlled web page that contains a malicious HTML iframe. A successful exploit could allow the attacker to conduct clickjacking or other clientside browser attacks.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-hyperflex_hx240c_af_m5hyperflex_hx240c_m5hyperflex_hx220c_m5hyperflex_hx240c_m5_firmwarehyperflex_hx220c_edge_m5hyperflex_hx220c_m5_firmwarehyperflex_hx220c_af_m5_firmwarehyperflex_hx240c_af_m5_firmwarehyperflex_hx220c_edge_m5_firmwarehyperflex_hx220c_af_m5Cisco HyperFlex HX-Series
CWE ID-CWE-693
Protection Mechanism Failure
CWE ID-CWE-1021
Improper Restriction of Rendered UI Layers or Frames
  • Previous
  • 1
  • 2
  • 3
  • Next
Details not found