CVE-2025-15633

EPSS 0.03%
Veröffentlicht 09.05.2026 04:58:55
Zuletzt bearbeitet 14.05.2026 20:28:21
Quelle psirt@hcl.com
CVE-Watchlists
Login
Unerledigt
Login

HCL BigFix WebUI is affected by an improper authorization vulnerability

An improper authorization vulnerability in HCL BigFix WebUI allows an authenticated user without Master Operator privileges to access internal data (site names, versions, and configuration variables) and bypass privilege requirements via unprotected endpoints lacking adequate security headers.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

NVD 21 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Hcltech ≫ Bigfix Webui Api Version < 33

Hcltech ≫ Bigfix Webui Application Administration Version < 40

Hcltech ≫ Bigfix Webui Cmep Version < 22

Hcltech ≫ Bigfix Webui Common Version < 101

Hcltech ≫ Bigfix Webui Content App Version < 28

Hcltech ≫ Bigfix Webui Custom Version < 50

Hcltech ≫ Bigfix Webui Data Sync Version < 37

Hcltech ≫ Bigfix Webui Extensions Version < 14

Hcltech ≫ Bigfix Webui Framework Version < 35

Hcltech ≫ Bigfix Webui Insights Version < 32

Hcltech ≫ Bigfix Webui Ivr Version < 23

Hcltech ≫ Bigfix Webui Mdm Version < 29

Hcltech ≫ Bigfix Webui Patch Version < 54

Hcltech ≫ Bigfix Webui Patch Policies Version < 51

Hcltech ≫ Bigfix Webui Permissions And Preferences Version < 27

Hcltech ≫ Bigfix Webui Profile Management Version < 33

Hcltech ≫ Bigfix Webui Query Version < 45

Hcltech ≫ Bigfix Webui Reports Version < 24

Hcltech ≫ Bigfix Webui Scm Version < 20

Hcltech ≫ Bigfix Webui Software Distribution Version < 54

Hcltech ≫ Bigfix Webui Take Action Version < 37

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.099

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
psirt@hcl.com	5.3	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-863 Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0130587

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-15633

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-15633

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-15633

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-15633