Lucene search
K
HcltechBigfix Service Management

18 matches found

CVE
CVE
added 2026/05/20 11:28 a.m.32 views

CVE-2025-31985

CVE-2025-31985 affects HCL BigFix Service Management (SM). The issue is a security misconfiguration caused by a missing or insecure X-Content-Type-Options header, which could allow browsers to perform MIME-type sniffing and potentially cause malicious content to be interpreted and executed incorr...

6.5CVSS5.8AI score0.00157EPSS
CVE
CVE
added 2026/05/06 1:47 p.m.24 views

CVE-2025-31959

Affected product : HCL BigFix Service Management (SM). Vulnerability : The SM application fails to strip EXIF metadata from uploaded images. This metadata may include sensitive location information, leading to confidentiality/privacy risks if inadvertently shared. Impact (from sources) : Privacy/...

3.5CVSS5.8AI score0.00143EPSS
CVE
CVE
added 2026/05/20 11:25 a.m.23 views

CVE-2025-31973

Technical details for CVE-2025-31973 are not publicly available in the provided documents. Monitor for updates.

9.8CVSS5.8AI score0.00178EPSS
CVE
CVE
added 2025/08/28 5:0 p.m.19 views

CVE-2025-31977

CVE-2025-31977 concerns HCL BigFix SM and describes a cryptographic weakness due to weak or outdated encryption algorithms. The documents state that an attacker with network access could decrypt or manipulate encrypted communications under certain conditions. The NVD entry and Red Hat advisory co...

6.5CVSS6.3AI score0.00094EPSS
CVE
CVE
added 2025/08/28 4:50 p.m.18 views

CVE-2025-31972

CVE-2025-31972 affects HCL BigFix SM. It describes a sensitive information exposure due to internal connections not using TLS, allowing potential disclosure of data between internal components. CVSS 3.1 base score 6.5 (MEDIUM); attack vector adjacent, attack complexity low, privileges required no...

6.5CVSS6.1AI score0.00088EPSS
CVE
CVE
added 2026/05/06 1:48 p.m.18 views

CVE-2025-31978

CVE-2025-31978 : HCL BigFix Service Management (SM) does not adequately sanitize or safely render spreadsheet files (CSV, XLS, XLSX) before processing or distributing them. The underlying issue may allow an attacker to craft data fields that, when saved to a CSV, could trigger information exfiltr...

4.6CVSS5.8AI score0.00137EPSS
CVE
CVE
added 2026/05/06 1:49 p.m.17 views

CVE-2025-31976

Technical details about CVE-2025-31976 are not publicly available in the provided documents. Monitor for updates from official advisories to learn affected products, impact, and remediation.

7.5CVSS5.8AI score0.00162EPSS
CVE
CVE
added 2026/05/06 1:44 p.m.17 views

CVE-2025-31984

Technical details (affected versions, root cause specifics, exploit status) are not publicly available in the provided documents. Monitor for updates from advisory sources.

5.4CVSS5.8AI score0.00135EPSS
CVE
CVE
added 2026/05/06 6:2 p.m.16 views

CVE-2025-31960

CVE-2025-31960 affects HCL BigFix Service Management (SM). In the reporting module, improper error handling when a consumer_company parameter is supplied in a report-viewing request can trigger an unhandled exception, leading to information exposure. CVSS:3.1 base score 5.3 (MEDIUM), network acce...

5.3CVSS5.8AI score0.0024EPSS
CVE
CVE
added 2026/05/06 1:51 p.m.16 views

CVE-2025-31975

Technical details about CVE-2025-31975 are not publicly available in the provided documents. The sources describe an information disclosure via server banners but do not specify affected versions, root cause, exploitability, or remediation. Monitor for updates.

5.3CVSS5.8AI score0.00172EPSS
CVE
CVE
added 2026/05/06 1:50 p.m.16 views

CVE-2025-52613

Technical details about CVE-2025-52613 are not publicly available in the provided documents. No explicit affected product versions, root cause, or fixes are disclosed here. Monitor for future updates from vendors and security advisories.

8.8CVSS5.8AI score0.00234EPSS
CVE
CVE
added 2026/05/06 6:14 p.m.14 views

CVE-2024-30151

CVE-2024-30151 affects HCL BigFix Service Management (SX). The vulnerability is a Broken Access Control issue that could allow unauthorized users to escalate privileges and bypass intended access restrictions, potentially exposing sensitive data or enabling unauthorized system changes. Documented...

8.3CVSS5.8AI score0.00248EPSS
CVE
CVE
added 2026/05/06 6:1 p.m.14 views

CVE-2025-31974

CVE-2025-31974 affects HCL BigFix Service Management (SM). The connected documents describe a vulnerability where the root filesystem is not mounted as read-only, which could allow unintended modifications to critical system components and potentially increase the risk of system compromise or una...

7.2CVSS5.8AI score0.00178EPSS
CVE
CVE
added 2026/04/21 2:26 p.m.14 views

CVE-2025-31981

HCL BigFix Service Management (SM) Discovery is affected by unenforced encryption caused by HTTP port 80 being open. An attacker with network access can sniff unencrypted traffic, potentially exposing data (Confidentiality impact: LOW per CVSS). The provided documents do not specify a remediation...

5.3CVSS5.8AI score0.00087EPSS
CVE
CVE
added 2026/05/06 1:40 p.m.14 views

CVE-2025-31983

Technical details (affected product, vulnerable component, impact, remediation) for CVE-2025-31983 are not publicly provided in the supplied documents. Monitor updates from NVD/EUVD/CIRCL and related feeds.

4.6CVSS5.7AI score0.00118EPSS
CVE
CVE
added 2026/05/06 1:46 p.m.13 views

CVE-2025-31982

Technical details about CVE-2025-31982 are not publicly provided in the supplied documents. Please monitor for updates from sources (vendor advisories, NVD, ENISA/EUVD) for affected products, impact, and fixes.

6.5CVSS5.8AI score0.00153EPSS
CVE
CVE
added 2026/05/06 1:37 p.m.11 views

CVE-2025-31957

Technical details for CVE-2025-31957 are not publicly available in the provided documents. The records reiterate a CSRF vulnerability in HHCL BigFix Service Management but do not specify affected versions, impact specifics, or remediation steps. Monitor for updates.

5.7CVSS5.8AI score0.00095EPSS
CVE
CVE
added 2026/04/21 1:59 p.m.11 views

CVE-2025-31958

HCL BigFix Service Management is reported vulnerable to HTTP Request Smuggling. The connected sources describe HTTP request smuggling as an issue arising when front-end and back-end servers parse requests inconsistently, enabling bypass of security controls and potentially enabling cache poisonin...

8.2CVSS5.8AI score0.00177EPSS