CVE-2025-52622

Medium CVSS: 5.4

The BigFix SaaS's HTTP responses were missing some security headers. The absence of these headers weakens the application's client-side security posture, making it more vulnerable to common web attacks that these headers are designed to mitigate, such as Cross-Site Scripting (XSS), Clickjacking, and protocol downgrade attacks.

Vendor

Product

CWE

CWE-1188

Yayın Tarihi

2025-12-02 18:15:47

Güncelleme

2025-12-04 17:15:25

Source Identifier

psirt@hcl.com

KEV Date Added

Kategoriler

CWE-1188 MEDIUM 2025

Referanslar

https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0127171