Lucene search
K

7 matches found

OSV
OSV
added 2026/01/07 12:17 p.m.6 views

CVE-2025-31963

Improper authentication and missing CSRF protection in the local setup interface component in HCL BigFix IVR version 4.2 allows a local attacker to perform unauthorized configuration changes via unauthenticated administrative configuration requests...

3.3CVSS5.8AI score0.00082EPSS
Exploits0References1
OSV
OSV
added 2026/01/07 12:17 p.m.4 views

CVE-2025-31962

Insufficient session expiration in the Web UI authentication component in HCL BigFix IVR version 4.2 allows an authenticated attacker to gain prolonged unauthorized access to protected API endpoints due to excessive expiration periods...

4.3CVSS5.8AI score
Exploits0References1
CVE
CVE
added 2026/01/07 7:18 a.m.12 views

CVE-2025-31964

CVE-2025-31964 affects HCL BigFix IVR 4.2. The issue is an improper service binding configuration in internal service components that causes administrative services to be bound to external network interfaces rather than the local authentication interface, potentially impacting service availabilit...

4.9CVSS6.3AI score0.00312EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/01/07 7:5 a.m.24 views

CVE-2025-31963 HCL BigFix IVR is impacted by improper authentication and missing CSRF protection

Improper authentication and missing CSRF protection in the local setup interface component in HCL BigFix IVR version 4.2 allows a local attacker to perform unauthorized configuration changes via unauthenticated administrative configuration requests...

2.9CVSS0.00082EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/07 7:5 a.m.2 views

CVE-2025-31963 HCL BigFix IVR is impacted by improper authentication and missing CSRF protection

Improper authentication and missing CSRF protection in the local setup interface component in HCL BigFix IVR version 4.2 allows a local attacker to perform unauthorized configuration changes via unauthenticated administrative configuration requests...

2.9CVSS6.5AI score0.00082EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/01/07 6:48 a.m.23 views

CVE-2025-31962 HCL BigFix IVR is impacted by an insufficient session expiration vulnerability

Insufficient session expiration in the Web UI authentication component in HCL BigFix IVR version 4.2 allows an authenticated attacker to gain prolonged unauthorized access to protected API endpoints due to excessive expiration periods...

2CVSS0.00155EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/01/07 12:0 a.m.3 views

HCL BigFix IVR 安全漏洞

HCL BigFix IVR is a vulnerability fixing tool from HCL India. A security vulnerability exists in HCL BigFix IVR version 4.2 that stems from insufficient session expiration of the Web UI authentication component, which could lead to unauthorized access to protected API endpoints...

4.3CVSS6.8AI score0.00155EPSS
Exploits0References1
Rows per page
Query Builder