Description
HCL BigFix Service Management (SM) is affected by the use of a vulnerable WSGI server. Deploying an outdated or insecure WSGI server may expose the application to known security weaknesses, potentially increasing the risk of exploitation and unauthorized access.
Published: 2026-05-06
Score: 4.6 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A vulnerability has been identified in HCL BigFix Service Management (SM) due to the use of a vulnerable WSGI server component. The insecure or outdated server may expose the application to known security weaknesses, increasing the risk of exploitation and unauthorized access. This weakness falls under CWE‑200, indicating an information‑exposure vulnerability that could allow attackers to learn sensitive data or configuration details.

Affected Systems

Affected systems are deployments of HCL BigFix Service Management (SM). No specific product versions are listed in the CNA data, so any installation that relies on the bundled WSGI server is potentially impacted. Administrators should verify the version of the WSGI server and ensure it matches any vendor‑approved secure releases.

Risk and Exploitability

The CVSS score of 4.6 indicates medium severity, and the EPSS score is not available, suggesting limited evidence of active exploitation. The vulnerability is not listed in the CISA KEV catalog. The description does not explicitly state how the weakness can be exploited; the likely attack vector is the web interface provided by the WSGI server, potentially allowing remote actors to gain information. Because no fix or workaround is provided, the risk is primarily mitigated through updating the component and tightening access controls.

Generated by OpenCVE AI on May 6, 2026 at 15:49 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the WSGI server to the latest secure version recommended by HCL.
  • Restrict connectivity to the WSGI server by firewall rules or VPN, limiting exposure to trusted clients.
  • Enable detailed logging and monitor logs for anomalous requests or repeated information‑exposure attempts, and use the logs for forensic analysis.


Advisories

No advisories yet.

History

Wed, 06 May 2026 15:30:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 06 May 2026 14:30:00 +0000

Type | Values Removed | Values Added
Description | | HCL BigFix Service Management (SM) is affected by use of a vulnerable WSGI Server was identified. Deploying an outdated or insecure WSGI server may expose the application to known security weaknesses, potentially increasing the risk of exploitation and unauthorized access.
Title | | HCL BigFix Service Management (SM) is affected by use of a vulnerable component
Weaknesses | | CWE-200
References | |
Metrics | | cvssV3_1 {'score': 4.6, 'vector': 'CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L'}


MITRE

Status: PUBLISHED

Assigner: HCL

Published:

Updated: 2026-05-06T14:46:49.273Z

Reserved: 2025-06-18T14:00:40.357Z

Link: CVE-2025-52613

Vulnrichment

Updated: 2026-05-06T14:46:46.308Z

NVD

Status: Undergoing Analysis

Published: 2026-05-06T15:16:08.247

Modified: 2026-05-06T19:00:48.330

Link: CVE-2025-52613

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-06T16:00:06Z

Weaknesses