18 matches found
CVE-2025-31985
CVE-2025-31985 affects HCL BigFix Service Management (SM). The issue is a security misconfiguration caused by a missing or insecure X-Content-Type-Options header, which could allow browsers to perform MIME-type sniffing and potentially cause malicious content to be interpreted and executed incorr...
CVE-2025-31959
Affected product : HCL BigFix Service Management (SM). Vulnerability : The SM application fails to strip EXIF metadata from uploaded images. This metadata may include sensitive location information, leading to confidentiality/privacy risks if inadvertently shared. Impact (from sources) : Privacy/...
CVE-2025-31973
Technical details for CVE-2025-31973 are not publicly available in the provided documents. Monitor for updates.
CVE-2025-31977
CVE-2025-31977 concerns HCL BigFix SM and describes a cryptographic weakness due to weak or outdated encryption algorithms. The documents state that an attacker with network access could decrypt or manipulate encrypted communications under certain conditions. The NVD entry and Red Hat advisory co...
CVE-2025-31972
CVE-2025-31972 affects HCL BigFix SM. It describes a sensitive information exposure due to internal connections not using TLS, allowing potential disclosure of data between internal components. CVSS 3.1 base score 6.5 (MEDIUM); attack vector adjacent, attack complexity low, privileges required no...
CVE-2025-31978
CVE-2025-31978 : HCL BigFix Service Management (SM) does not adequately sanitize or safely render spreadsheet files (CSV, XLS, XLSX) before processing or distributing them. The underlying issue may allow an attacker to craft data fields that, when saved to a CSV, could trigger information exfiltr...
CVE-2025-31976
Technical details about CVE-2025-31976 are not publicly available in the provided documents. Monitor for updates from official advisories to learn affected products, impact, and remediation.
CVE-2025-31984
Technical details (affected versions, root cause specifics, exploit status) are not publicly available in the provided documents. Monitor for updates from advisory sources.
CVE-2025-31960
CVE-2025-31960 affects HCL BigFix Service Management (SM). In the reporting module, improper error handling when a consumer_company parameter is supplied in a report-viewing request can trigger an unhandled exception, leading to information exposure. CVSS:3.1 base score 5.3 (MEDIUM), network acce...
CVE-2025-31975
Technical details about CVE-2025-31975 are not publicly available in the provided documents. The sources describe an information disclosure via server banners but do not specify affected versions, root cause, exploitability, or remediation. Monitor for updates.
CVE-2025-52613
Technical details about CVE-2025-52613 are not publicly available in the provided documents. No explicit affected product versions, root cause, or fixes are disclosed here. Monitor for future updates from vendors and security advisories.
CVE-2024-30151
CVE-2024-30151 affects HCL BigFix Service Management (SX). The vulnerability is a Broken Access Control issue that could allow unauthorized users to escalate privileges and bypass intended access restrictions, potentially exposing sensitive data or enabling unauthorized system changes. Documented...
CVE-2025-31974
CVE-2025-31974 affects HCL BigFix Service Management (SM). The connected documents describe a vulnerability where the root filesystem is not mounted as read-only, which could allow unintended modifications to critical system components and potentially increase the risk of system compromise or una...
CVE-2025-31981
HCL BigFix Service Management (SM) Discovery is affected by unenforced encryption caused by HTTP port 80 being open. An attacker with network access can sniff unencrypted traffic, potentially exposing data (Confidentiality impact: LOW per CVSS). The provided documents do not specify a remediation...
CVE-2025-31983
Technical details (affected product, vulnerable component, impact, remediation) for CVE-2025-31983 are not publicly provided in the supplied documents. Monitor updates from NVD/EUVD/CIRCL and related feeds.
CVE-2025-31982
Technical details about CVE-2025-31982 are not publicly provided in the supplied documents. Please monitor for updates from sources (vendor advisories, NVD, ENISA/EUVD) for affected products, impact, and fixes.
CVE-2025-31957
Technical details for CVE-2025-31957 are not publicly available in the provided documents. The records reiterate a CSRF vulnerability in HHCL BigFix Service Management but do not specify affected versions, impact specifics, or remediation steps. Monitor for updates.
CVE-2025-31958
HCL BigFix Service Management is reported vulnerable to HTTP Request Smuggling. The connected sources describe HTTP request smuggling as an issue arising when front-end and back-end servers parse requests inconsistently, enabling bypass of security controls and potentially enabling cache poisonin...