Description
HCL BigFix Platform is affected by insufficient authentication. The application might allow users to access sensitive areas of the application without proper authentication.
Published: 2026-04-01
Score: 4 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized Access
Action: Apply Patch
AI Analysis

Impact

HCL BigFix Platform is affected by insufficient authentication, allowing users to reach sensitive areas of the application without proper credentials. The flaw enables unauthorized disclosure, modification, or impersonation of privileged data or functions, representing an authentication bypass weakness (CWE-306).

Affected Systems

The affected product is the HCLSoftware BigFix Platform. No specific versions were listed in the data; the vulnerability is reported as a general issue affecting the platform in its current deployments until corrected by a vendor update.

Risk and Exploitability

The CVSS score of 4.0 indicates a moderate risk. While the exploitability score (EPSS) is not available, the weakness implies that an attacker can misuse web interfaces or internal application calls to impersonate users, as inferred from the description. The vulnerability is not listed in CISA’s KEV catalog, but because it permits unauthorized access, it should be considered a medium to high priority by security teams.

Generated by OpenCVE AI on April 2, 2026 at 02:05 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor‑published patch or update for HCL BigFix Platform as soon as it becomes available.
  • Verify that the authentication mechanism is enforced for all sensitive application areas after patching.
  • Review user roles and permissions to ensure least‑privilege access is maintained for all accounts.
  • Consult the vendor’s advisory (e.g., https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0129906) for any additional configuration guidance or temporary mitigations.

Advisories

No advisories yet.

History

Thu, 16 Apr 2026 16:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| CPEs | | cpe:2.3:a:hcltech:bigfix_platform:*:*:*:*:*:*:*:* |

Thu, 02 Apr 2026 20:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Hcltech, Hcltech bigfix Platform |
| Vendors & Products | | Hcltech, Hcltech bigfix Platform |
| Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'} |


Wed, 01 Apr 2026 23:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | HCL BigFix Platform is affected by insufficient authentication. The application might allow users to access sensitive areas of the application without proper authentication. |
| Title | | HCL BigFix Platform is affected by insufficient authentication |
| Weaknesses | | CWE-306 |
| References | | |
| Metrics | | cvssV3_1 {'score': 4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'} |


MITRE

Status: PUBLISHED

Assigner: HCL

Published:

Updated: 2026-04-02T18:22:19.150Z

Reserved: 2026-01-05T16:07:58.367Z

Link: CVE-2026-21767

Vulnrichment

Updated: 2026-04-02T18:22:11.303Z

NVD

Status: Analyzed

Published: 2026-04-02T00:16:24.147

Modified: 2026-04-16T16:05:38.500

Link: CVE-2026-21767

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-02T20:15:53Z

Weaknesses