Description
HCL BigFix Mobile 3.3 and earlier are vulnerable to certain insecure directives within the Content Security Policy (CSP). An attacker could trick users into performing actions by not properly restricting the sources of scripts and other content.
CVSS Metrics
- Vector
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
- Attack Vector
- network
- Complexity
- low
- Privileges
- none
- User Action
- none
- Scope
- unchanged
- Confidentiality
- none
- Integrity
- low
- Availability
- low
- Weaknesses
- CWE-79CWE-80CWE-693
Metadata
- Primary Vendor
- HCLTECH
- Published
- 10/16/2025
- Last Modified
- 10/21/2025
- Source
- NIST NVD
- Note: Verify all details with official vendor sources before applying patches.
Affected Products
hcltech : bigfix_mobilehcltech : bigfix_modern_client_management
AI-Powered Remediation
Generate remediation guidance or a C-suite brief for this vulnerability.