Hcltech

Bigfix Service Management

16 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.3

CVE-2024-30151

  • EPSS 0.05%
  • Veröffentlicht 06.05.2026 18:14:11
  • Zuletzt bearbeitet 07.05.2026 17:06:09

HCL BigFix Service Management (SX) is affected by a Broken Access Control vulnerability leading to privilege escalation. This could allow unauthorized users to gain elevated privileges, bypassing intended access restrictions. This may result in expo...

5.3

CVE-2025-31960

  • EPSS 0.04%
  • Veröffentlicht 06.05.2026 18:02:52
  • Zuletzt bearbeitet 07.05.2026 17:05:54

HCL BigFix Service Management (SM) is vulnerable to information exposure due to improper error handling within its reporting module. It was observed that supplying an invalid or out-of-range value to the consumer_company parameter during a report-vie...

7.2

CVE-2025-31974

  • EPSS 0.04%
  • Veröffentlicht 06.05.2026 18:01:39
  • Zuletzt bearbeitet 11.05.2026 13:51:22

HCL BigFix Service Management (SM) is susceptible to a Root File System Not Mounted as Read-Only. An improperly configured root file system may allow unintended modifications to critical system components, potentially increasing the risk of system c...

5.3

CVE-2025-31975

  • EPSS 0.03%
  • Veröffentlicht 06.05.2026 13:51:40
  • Zuletzt bearbeitet 07.05.2026 16:33:48

HCL BigFix Service Management (SM) is affected by an Information Disclosure – Server Banner issue was identified. Exposed server banners may reveal software versions and system details, potentially aiding attackers in targeting known vulnerabilities.

8.8

CVE-2025-52613

  • EPSS 0.07%
  • Veröffentlicht 06.05.2026 13:50:47
  • Zuletzt bearbeitet 07.05.2026 14:59:40

HCL BigFix Service Management (SM) is affected by use of a vulnerable WSGI Server was identified. Deploying an outdated or insecure WSGI server may expose the application to known security weaknesses, potentially increasing the risk of exploitation a...

7.5

CVE-2025-31976

  • EPSS 0.04%
  • Veröffentlicht 06.05.2026 13:49:39
  • Zuletzt bearbeitet 07.05.2026 16:30:53

HCL BigFix Service Management (SM) is vulnerable to insufficiently protected credentials for a short duration while communicating with a backend, internal application which could allow an attacker to potentially misuse them, if exfiltrated. .

4.6

CVE-2025-31978

  • EPSS 0.03%
  • Veröffentlicht 06.05.2026 13:48:32
  • Zuletzt bearbeitet 07.05.2026 16:26:10

HCL BigFix Service Management (SM) does not adequately sanitize or safely render spreadsheet files (CSV, XLS, XLSX) before processing or distributing them. An attacker could populate data fields which, when saved to a CSV file, may attempt informatio...

3.5

CVE-2025-31959

  • EPSS 0.03%
  • Veröffentlicht 06.05.2026 13:47:20
  • Zuletzt bearbeitet 07.05.2026 16:35:04

HCL BigFix Service Management (SM) application fails to strip EXIF metadata from uploaded images. This could lead to confidentiality and privacy risks if sensitive location information is unintentionally shared. .

6.5

CVE-2025-31982

  • EPSS 0.03%
  • Veröffentlicht 06.05.2026 13:46:05
  • Zuletzt bearbeitet 06.05.2026 23:16:36

HCL BigFix Service Management (SM) had directories that were not linked or publicly visible but could be accessed directly. This could allow an increased risk of information disclosure or misuse of sensitive functionality.

5.4

CVE-2025-31984

  • EPSS 0.03%
  • Veröffentlicht 06.05.2026 13:44:09
  • Zuletzt bearbeitet 07.05.2026 16:25:03

HCL BigFix Service Management (SM) is affected by a security misconfiguration due to a missing or insecure “X-Content-Type-Options” header. This could allow browsers to perform MIME-type sniffing, potentially causing malicious content to be interpre...