Description
HCL BigFix Service Management (SX) is affected by a Broken Access Control vulnerability leading to privilege escalation. This could allow unauthorized users to gain elevated privileges, bypassing intended access restrictions. This may result in exposure of sensitive data or unauthorized system modifications.
Published: 2026-05-06
Score: 8.3 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

HCL BigFix Service Management (SM) has a broken access control flaw that permits users to elevate their privileges beyond the intended limits. The weakness, classified as CWE-532, arises from improper authorization checks that allow an actor to gain elevated rights and potentially access or modify sensitive data and system configuration. The result can be unauthorized data exposure and system changes affecting the whole platform.

Affected Systems

The vulnerability affects HCL BigFix Service Management. No specific version information is provided, so the risk applies to all releases in use until a patch is applied.

Risk and Exploitability

The CVSS score of 8.3 indicates high severity. With no EPSS data and no listing in the KEV catalog, the exact likelihood of exploitation remains uncertain, but the described flaw suggests that attackers who can reach the application may use the broken access controls to obtain privileged roles. Because the attack vector is not explicitly documented, we infer it relies on existing authenticated sessions or misconfigured permissions that allow privilege escalation. Until a vendor fix is deployed, the best mitigation is to block or monitor privileged endpoints.

Generated by OpenCVE AI on May 6, 2026 at 19:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest HCL BigFix Service Management patch or upgrade to the corrected release as detailed in HCL’s support article KB0127782.
  • Configure network and ACL rules to restrict external access to privileged management interfaces and enforce least-privilege principles for all user accounts.
  • Implement continuous monitoring and auditing of privilege changes to detect and respond to unauthorized elevation attempts.


Advisories

No advisories yet.

History

Wed, 06 May 2026 19:30:00 +0000

Type      Values Removed   Values Added
Metrics   -                ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 06 May 2026 18:30:00 +0000

Type          Values Removed   Values Added
Description   -                HCL BigFix Service Management (SX) is affected by a Broken Access Control vulnerability leading to privilege escalation. This could allow unauthorized users to gain elevated privileges, bypassing intended access restrictions. This may result in exposure of sensitive data or unauthorized system modifications.
Title         -                HCL BigFix Service Management (SM) is susceptible to Broken Access Control Vulnerability
Weaknesses    -                CWE-532
References    -                -
Metrics       -                cvssV3_1 {'score': 8.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L'}


Subscriptions

No data.

MITRE

Status: PUBLISHED

Assigner: HCL

Published:

Updated: 2026-05-06T18:31:25.156Z

Reserved: 2024-03-22T23:57:26.413Z

Link: CVE-2024-30151

Vulnrichment

Updated: 2026-05-06T18:31:19.299Z

NVD

Status: Awaiting Analysis

Published: 2026-05-06T19:16:35.040

Modified: 2026-05-06T19:20:52.837

Link: CVE-2024-30151

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-06T19:30:10Z

Weaknesses