CVE-2025-31977

EPSS 0.01%
Veröffentlicht 28.08.2025 17:15:35
Zuletzt bearbeitet 29.10.2025 18:12:47
Quelle psirt@hcl.com
CVE-Watchlists
Login
Unerledigt
Login

HCL BigFix SM is affected by cryptographic weakness due to weak or outdated encryption algorithms.  An attacker with network access could exploit this weakness to decrypt or manipulate encrypted communications under certain conditions.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Hcltech ≫ Bigfix Service Management Version23.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.01%	0.012

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
psirt@hcl.com	5.3	1.6	3.6	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE-311 Missing Encryption of Sensitive Data

The product does not encrypt sensitive or critical information before storage or transmission.

https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0123631

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-31977

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-31977

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-31977

EUVD