Bigfix Insights For Vulnerability Remediation
CVE-2025-31964
LOW
Severity by source
AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L
Lifecycle Timeline
2DescriptionCVE.org
Improper service binding configuration in internal service components in HCL BigFix IVR version 4.2 allows a privileged attacker to impact service availability via exposure of administrative services bound to external network interfaces instead of the local authentication interface.
AnalysisAI
Bigfix Insights For Vulnerability Remediation versions up to 4.2 is affected by information exposure (CVSS 2.2).
Technical ContextAI
This vulnerability (CWE-200: Information Exposure) exists in the internal component. Improper service binding configuration in internal service components in HCL BigFix IVR version 4.2 allows a privileged attacker to impact service availability via exposure of administrative services bound to external network interfaces instead of the local authentication interface.
RemediationAI
Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.
Insights for Vulnerability Remediation (IVR) is vulnerable to improper input validation. Rated medium severity (CVSS 6.5
Insights for Vulnerability Remediation (IVR) is vulnerable to man-in-the-middle attacks that may lead to information dis
Bigfix Insights For Vulnerability Remediation versions up to 4.2 is affected by missing authentication for critical func
Bigfix Insights For Vulnerability Remediation versions up to 4.2 is affected by insufficient session expiration (CVSS 2.
Same weakness CWE-200 – Information Exposure
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today