Description
HCL BigFix Service Management (SM) is susceptible to a Configuration – 'Insecure Use of Base Image Version'. Using outdated or insecure base images may introduce known vulnerabilities, potentially increasing the risk of exploitation in the application environment.
Published: 2026-05-20
Score: 4 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

HCL BigFix Service Management (SM) contains a configuration flaw labeled “Insecure Use of Base Image Version.” The flaw allows the deployment of base images that are outdated or contain known vulnerabilities, thereby potentially exposing the application to additional security weaknesses. The vulnerability is classified as CWE‑1395, indicating improper handling of the execution environment. The impact is a configuration risk that could extend to confidentiality or integrity if the base image includes compromised software.

Affected Systems

The affected product is HCL BigFix Service Management (SM). No specific version identifiers are listed in the CNA data, so all current installations of this product could be affected until a fix is applied or configuration changes are made.

Risk and Exploitability

The CVSS score of 4.0 denotes a moderate severity. The EPSS score is <1% (0.00012), indicating a very low probability of exploitation, and the vulnerability is not listed in the CISA KEV catalog, suggesting no documented widespread exploitation. Based on the description, it is inferred that the likely attack vector involves using an insecure base image; an adversary who controls image selection (or an untrusted process that can modify the image) could introduce or leverage existing vulnerabilities within that image to further compromise the system.

Generated by OpenCVE AI on May 20, 2026 at 21:08 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the patch or update referenced in HCL’s support article KB0128144, which addresses the insecure base image handling issue.
  • Replace any current base images with a certified, up‑to‑date image from HCL’s official repository to eliminate known vulnerabilities in the deployment environment.
  • Conduct a vulnerability scan on the selected base image before deployment to ensure it contains no known exposures.
  • Review and enforce image selection policies to prevent the use of unapproved or outdated base images in future deployments.

Advisories

No advisories yet.

History

Wed, 20 May 2026 19:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Hcltech; Hcltech bigfix Service Management |
| Weaknesses | | NVD-CWE-noinfo |
| CPEs | | cpe:2.3:a:hcltech:bigfix_service_management:23.0:*:*:*:*:*:*:* |
| Vendors & Products | | Hcltech; Hcltech bigfix Service Management |

Wed, 20 May 2026 13:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'} |


Wed, 20 May 2026 12:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | HCL BigFix Service Management (SM) is susceptible to a Configuration – 'Insecure Use of Base Image Version'. Using outdated or insecure base images may introduce known vulnerabilities, potentially increasing the risk of exploitation in the application environment. |
| Title | | HCL BigFix Service Management (SM) is susceptible to a Configuration – 'Insecure Use of Base Image Version' |
| Weaknesses | | CWE-1395 |
| References | | |
| Metrics | | cvssV3_1: {'score': 4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L'} |


MITRE

Status: PUBLISHED

Assigner: HCL

Published:

Updated: 2026-05-20T12:51:05.651Z

Reserved: 2025-04-01T18:46:26.620Z

Link: CVE-2025-31973

Vulnrichment

Updated: 2026-05-20T12:51:01.035Z

NVD

Status: Analyzed

Published: 2026-05-20T12:16:20.527

Modified: 2026-05-20T19:11:42.040

Link: CVE-2025-31973

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-20T21:15:26Z