Description
HCL BigFix Service Management (SM) is affected by an Information Disclosure – Server Banner issue. Exposed server banners may reveal software versions and system details, potentially aiding attackers in targeting known vulnerabilities.
Published: 2026-05-06
Score: 2.6 Low
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

HCL BigFix Service Management (SM) discloses information by exposing server banner data. The banner reveals software versions and system details, which can give an attacker useful context for targeting other known weaknesses. The weakness is classified as CWE-200. The CVSS score of 2.6 reflects low severity, but the vulnerability still compromises the confidentiality of system information.

Affected Systems

The affected product is HCL BigFix Service Management (SM). No specific impacted versions are listed, so all installations of the product should be considered potentially affected.

Risk and Exploitability

The low CVSS score indicates limited impact if the flaw is exploited. The EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog, suggesting it is not currently widely exploited. Attackers would typically reach the vulnerable server over the network and obtain the banner during the initial connection, then use the disclosed details for reconnaissance or to plan further attacks.

Generated by OpenCVE AI on May 6, 2026 at 16:29 UTC.

Remediation

No vendor fix or workaround is currently provided.

OpenCVE Recommended Actions

  • Review the HCL support article KB0128144 for any available patches or recommended workarounds for mitigating server banner disclosure.
  • Configure BigFix SM to disable or obfuscate server banner responses, ensuring that version and system information are not exposed to unauthenticated clients.
  • Apply all HCL updates or patches that address the banner disclosure as soon as they become available.



Advisories

No advisories yet.

History

Wed, 06 May 2026 15:30:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 06 May 2026 14:30:00 +0000

Type | Values Removed | Values Added
Description | | HCL BigFix Service Management (SM) is affected by an Information Disclosure – Server Banner issue was identified. Exposed server banners may reveal software versions and system details, potentially aiding attackers in targeting known vulnerabilities.
Title | | HCL BigFix Service Management (SM) is affected by an Information Disclosure – Server Banner issue was identified.
Weaknesses | | CWE-200
References | |
Metrics | | cvssV3_1: {'score': 2.6, 'vector': 'CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N'}



MITRE

Status: PUBLISHED

Assigner: HCL

Published:

Updated: 2026-05-06T14:46:31.277Z

Reserved: 2025-04-01T18:46:26.620Z

Link: CVE-2025-31975

Vulnrichment

Updated: 2026-05-06T14:46:28.154Z

NVD

Status: Undergoing Analysis

Published: 2026-05-06T15:16:05.980

Modified: 2026-05-06T19:00:48.330

Link: CVE-2025-31975

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-06T16:30:06Z

Weaknesses