CVE-2025-31964
- EPSS 0.06%
- Published 07.01.2026 07:18:27
- Last modified 21.01.2026 21:58:36
Improper service binding configuration in internal service components in HCL BigFix IVR version 4.2 allows a privileged attacker to impact service availability via exposure of administrative services bound to external network interfaces instead of th...
CVE-2025-31963
- EPSS 0.01%
- Published 07.01.2026 07:05:40
- Last modified 22.01.2026 13:45:28
Improper authentication and missing CSRF protection in the local setup interface component in HCL BigFix IVR version 4.2 allows a local attacker to perform unauthorized configuration changes via unauthenticated administrative configuration requests.
CVE-2025-31962
- EPSS 0.03%
- Published 07.01.2026 06:48:19
- Last modified 12.01.2026 18:22:21
Insufficient session expiration in the Web UI authentication component in HCL BigFix IVR version 4.2 allows an authenticated attacker to gain prolonged unauthorized access to protected API endpoints due to excessive expiration periods.
CVE-2022-44757
- EPSS 0.1%
- Published 11.10.2023 07:15:09
- Last modified 21.11.2024 07:28:26
BigFix Insights for Vulnerability Remediation (IVR) uses weak cryptography that can lead to credential exposure. An attacker could gain access to sensitive information, modify data in unexpected ways, etc.
CVE-2022-44758
- EPSS 0.11%
- Published 11.10.2023 07:15:09
- Last modified 21.11.2024 07:28:26
BigFix Insights/IVR fixlet uses improper credential handling within certain fixlet content. An attacker can gain access to information that is not explicitly authorized.