Search
Search Results (16 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-31974 | 1 Hcltech | 1 Bigfix Service Management | 2026-05-07 | 3.9 Low |
| HCL BigFix Service Management (SM) is susceptible to a Root File System Not Mounted as Read-Only. An improperly configured root file system may allow unintended modifications to critical system components, potentially increasing the risk of system compromise or unauthorized changes. | ||||
| CVE-2024-30151 | 1 Hcltech | 1 Bigfix Service Management | 2026-05-07 | 8.3 High |
| HCL BigFix Service Management (SX) is affected by a Broken Access Control vulnerability leading to privilege escalation. This could allow unauthorized users to gain elevated privileges, bypassing intended access restrictions. This may result in exposure of sensitive data or unauthorized system modifications | ||||
| CVE-2025-31960 | 1 Hcltech | 1 Bigfix Service Management | 2026-05-07 | 5.3 Medium |
| HCL BigFix Service Management (SM) is vulnerable to information exposure due to improper error handling within its reporting module. It was observed that supplying an invalid or out-of-range value to the consumer_company parameter during a report-viewing request causes the application to trigger an unhandled exception. | ||||
| CVE-2025-31957 | 1 Hcltech | 1 Bigfix Service Management | 2026-05-07 | 2.6 Low |
| HHCL BigFix Service Management (SM) is affected by a Cross‑Site Request Forgery (CSRF) vulnerability. This could lead to unauthorized changes or exposure of sensitive data. | ||||
| CVE-2025-31959 | 1 Hcltech | 1 Bigfix Service Management | 2026-05-07 | 3.5 Low |
| HCL BigFix Service Management (SM) application fails to strip EXIF metadata from uploaded images. This could lead to confidentiality and privacy risks if sensitive location information is unintentionally shared. . | ||||
| CVE-2025-31975 | 1 Hcltech | 1 Bigfix Service Management | 2026-05-07 | 2.6 Low |
| HCL BigFix Service Management (SM) is affected by an Information Disclosure – Server Banner issue was identified. Exposed server banners may reveal software versions and system details, potentially aiding attackers in targeting known vulnerabilities. | ||||
| CVE-2025-31976 | 1 Hcltech | 1 Bigfix Service Management | 2026-05-07 | 4.8 Medium |
| HCL BigFix Service Management (SM) is vulnerable to insufficiently protected credentials for a short duration while communicating with a backend, internal application which could allow an attacker to potentially misuse them, if exfiltrated. . | ||||
| CVE-2025-31978 | 1 Hcltech | 1 Bigfix Service Management | 2026-05-07 | 4.6 Medium |
| HCL BigFix Service Management (SM) does not adequately sanitize or safely render spreadsheet files (CSV, XLS, XLSX) before processing or distributing them. An attacker could populate data fields which, when saved to a CSV file, may attempt information exfiltration or other malicious activity when automatically executed by the spreadsheet software. Note that current versions of Excel warn users of untrusted content. | ||||
| CVE-2025-31984 | 1 Hcltech | 1 Bigfix Service Management | 2026-05-07 | 3.7 Low |
| HCL BigFix Service Management (SM) is affected by a security misconfiguration due to a missing or insecure “X-Content-Type-Options” header. This could allow browsers to perform MIME-type sniffing, potentially causing malicious content to be interpreted and executed incorrectly. | ||||
| CVE-2025-52613 | 1 Hcltech | 1 Bigfix Service Management | 2026-05-07 | 4.6 Medium |
| HCL BigFix Service Management (SM) is affected by use of a vulnerable WSGI Server was identified. Deploying an outdated or insecure WSGI server may expose the application to known security weaknesses, potentially increasing the risk of exploitation and unauthorized access. | ||||
| CVE-2025-31983 | 1 Hcltech | 1 Bigfix Service Management | 2026-05-06 | 3.7 Low |
| HCL BigFix Service Management (SM) is affected by a security misconfiguration vulnerability due to CSP header. This could allow attackers to inject malicious scripts increasing the risk of cross-site scripting (XSS) and potential exposure of sensitive information. | ||||
| CVE-2025-31982 | 1 Hcltech | 1 Bigfix Service Management | 2026-05-06 | 3.7 Low |
| HCL BigFix Service Management (SM) had directories that were not linked or publicly visible but could be accessed directly. This could allow an increased risk of information disclosure or misuse of sensitive functionality. | ||||
| CVE-2025-31958 | 1 Hcltech | 1 Bigfix Service Management | 2026-04-22 | 3.7 Low |
| HCL BigFix Service Management is susceptible to HTTP Request Smuggling. HTTP request smuggling vulnerabilities arise when websites route HTTP requests through web servers with inconsistent HTTP parsing. HTTP Smuggling exploits inconsistencies in request parsing between front-end and back-end servers, allowing attackers to bypass security controls and perform attacks like cache poisoning or request hijacking. | ||||
| CVE-2025-31981 | 1 Hcltech | 1 Bigfix Service Management | 2026-04-22 | 5.3 Medium |
| HCL BigFix Service Management (SM) Discovery is vulnerable to unenforced encryption due to port 80 (HTTP) being open, allowing unencrypted access. An attacker with access to the network traffic can sniff packets from the connection and uncover the data. | ||||
| CVE-2025-31977 | 1 Hcltech | 1 Bigfix Service Management | 2025-10-29 | 5.3 Medium |
| HCL BigFix SM is affected by cryptographic weakness due to weak or outdated encryption algorithms. An attacker with network access could exploit this weakness to decrypt or manipulate encrypted communications under certain conditions. | ||||
| CVE-2025-31972 | 1 Hcltech | 1 Bigfix Service Management | 2025-10-29 | 6.5 Medium |
| HCL BigFix SM is affected by a Sensitive Information Exposure vulnerability where internal connections do not use TLS encryption which could allow an attacker unauthorized access to sensitive data transmitted between internal components. | ||||
Page 1 of 1.