Description
HCL BigFix Cloud Lifecycle Management is affected by lack of input validation. This low-level flaw allows unauthorized access and may lead to information exposure.
Published: 2026-06-04
Score: 3.3 Low
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The revised description confirms a lack of input validation in HCL BigFix Cloud Lifecycle Management, which can allow unauthorized access and lead to information disclosure. The CVSS score of 3.3 indicates a low severity flaw, but the potential for sensitive data exposure remains a concern.

Affected Systems

HCL BigFix Cloud Lifecycle Management is the only affected product identified. No specific version ranges are listed in the CNA data.

Risk and Exploitability

The risk is modest; the flaw has a low CVSS score, the EPSS score is not available, and it is not listed in the CISA KEV catalog, suggesting no widespread exploitation has been observed. The likely attack vector is through unvalidated user input, potentially exposed on web or API interfaces, but the precise exploitation conditions are not detailed in the advisory.

Generated by OpenCVE AI on June 5, 2026 at 08:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the HCL fix referenced on the support link KB0130802
  • Validate all input fields and enforce strict input validation rules
  • Restrict network exposure of administrative interfaces to trusted networks

Advisories

No advisories yet.

History

Fri, 05 Jun 2026 10:45:00 +0000

Type Values Removed Values Added
First Time appeared Hcltech
Hcltech bigfix Cloud Lifecycle Management
Vendors & Products Hcltech
Hcltech bigfix Cloud Lifecycle Management

Fri, 05 Jun 2026 08:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-284

Fri, 05 Jun 2026 07:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-20
CWE-200

Fri, 05 Jun 2026 05:00:00 +0000

Type Values Removed Values Added
Description
  Removed: The HCL BigFix Cloud Lifecycle Management is affected by Lack Of Input Validation. It may leads to an information exposure vulnerability. This low-level flaw allows unauthorized access.
  Added: HCL BigFix Cloud Lifecycle Management is affected by lack of input validation. This low-level flaw allows unauthorized access and may lead to information exposure.
Title
  Removed: The HCL BigFix Cloud Lifecycle Management is affected by Lack of Input Validation.
  Added: HCL BigFix Cloud Lifecycle Management is affected by lack of input validation

Thu, 04 Jun 2026 15:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-20
CWE-200

Thu, 04 Jun 2026 14:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 04 Jun 2026 13:30:00 +0000

Type Values Removed Values Added
Description The HCL BigFix Cloud Lifecycle Management is affected by Lack Of Input Validation. It may leads to an information exposure vulnerability. This low-level flaw allows unauthorized access.
Title The HCL BigFix Cloud Lifecycle Management is affected by Lack of Input Validation.
References
Metrics cvssV3_1

{'score': 3.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N'}


MITRE

Status: PUBLISHED

Assigner: HCL

Published:

Updated: 2026-06-05T04:44:15.623Z

Reserved: 2025-10-10T09:04:27.770Z

Link: CVE-2025-62338

Vulnrichment

Updated: 2026-06-04T13:54:40.003Z

NVD

Status: Awaiting Analysis

Published: 2026-06-04T14:16:35.330

Modified: 2026-06-05T05:16:39.247

Link: CVE-2025-62338

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-05T10:08:02Z

Weaknesses