Skip to main content

HCL BigFix Service Management EUVDEUVD-2025-209542

| CVE-2025-31981 MEDIUM
Cleartext Transmission of Sensitive Information (CWE-319)
2026-04-21 HCL GHSA-p537-crxv-22q7
5.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.3 MEDIUM
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None

Lifecycle Timeline

4
Analysis Generated
Apr 21, 2026 - 16:32 vuln.today
EUVD ID Assigned
Apr 21, 2026 - 15:00 euvd
EUVD-2025-209542
Analysis Generated
Apr 21, 2026 - 15:00 vuln.today
CVE Published
Apr 21, 2026 - 14:26 nvd
MEDIUM 5.3

DescriptionCVE.org

HCL BigFix Service Management (SM) Discovery is vulnerable to unenforced encryption due to port 80 (HTTP) being open, allowing unencrypted access.  An attacker with access to the network traffic can sniff packets from the connection and uncover the data.

AnalysisAI

HCL BigFix Service Management Discovery accepts unencrypted HTTP traffic on port 80, allowing network-adjacent attackers to passively intercept and read sensitive data in transit without authentication or user interaction. The vulnerability exposes confidential information including credentials and system details to packet sniffing attacks on any network where the service is accessible.

Technical ContextAI

HCL BigFix Service Management (SM) is a discovery and asset management platform that typically operates over HTTPS for secure communication. This vulnerability arises from improper handling of encryption enforcement, where the application or its discovery interface listens on port 80 (HTTP) in addition to or instead of the secure port 443 (HTTPS). The root cause falls under CWE-319 (Cleartext Transmission of Sensitive Information), indicating that the service transmits sensitive data without cryptographic protection. Attackers with network visibility-such as those on the same network segment, compromised routers, or ISP-level positions-can capture and analyze unencrypted packets containing authentication tokens, configuration details, and operational data. The CPE affected is cpe:2.3:a:hclsoftware:bigfix_service_management_(sm):*:*:*:*:*:*:*:*, confirming the vulnerability spans versions of the BigFix SM product line.

RemediationAI

HCL's primary remediation is to disable HTTP (port 80) access to BigFix Service Management Discovery and enforce HTTPS (port 443) exclusively. Verify this configuration in the application settings and firewall rules. Apply any security patches released by HCL per KB article KB0127605 (https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0127605), which may include updated default configurations or enforcement mechanisms. As an interim compensating control, implement network-level restrictions to block inbound traffic to port 80 on BigFix SM servers using firewalls or security groups, permitting only authorized administrative networks. Additionally, deploy network-level encryption via VPN, SSL/TLS termination at a proxy, or network segmentation to protect data in transit even if the application continues to listen on HTTP. Monitor network traffic logs for HTTP connections to the service and investigate any sources outside approved administrative networks. Note that network-level mitigations do not eliminate the vulnerability if legitimate users or backup systems rely on HTTP access; coordinate with operations to transition fully to HTTPS before removing compensating controls.

CVE-2025-31976 HIGH
7.5 May 06

Credential exposure in HCL BigFix Service Management (SM) version 23 leaves credentials insufficiently protected for a b

CVE-2025-31960 MEDIUM
5.3 May 06

HCL BigFix Service Management (SM) leaks sensitive information through improper error handling in its reporting module.

CVE-2025-52613 MEDIUM
4.6 May 06

HCL BigFix Service Management (SM) contains an insecure or outdated WSGI server implementation that exposes the applicat

CVE-2025-31978 MEDIUM
4.3 May 06

HCL BigFix Service Management fails to sanitize spreadsheet data (CSV, XLS, XLSX) before export, allowing authenticated

CVE-2025-31974 LOW
3.9 May 06

HCL BigFix Service Management is vulnerable to improper root filesystem configuration, allowing high-privileged authenti

CVE-2025-31984 LOW
3.7 May 06

HCL BigFix Service Management lacks secure X-Content-Type-Options HTTP headers, allowing browsers to perform MIME-type s

CVE-2025-31958 LOW
3.7 Apr 21

HTTP request smuggling in HCL BigFix Service Management allows remote unauthenticated attackers to exploit HTTP parsing

CVE-2025-31982 LOW
3.7 May 06

HCL BigFix Service Management contains unauthenticated-accessible directories that are not linked in the user interface

CVE-2025-31983 LOW
3.7 May 06

HCL BigFix Service Management (SM) contains a Content Security Policy (CSP) header misconfiguration that enables cross-s

CVE-2025-31959 LOW
3.5 May 06

HCL BigFix Service Management fails to strip EXIF metadata from uploaded images, allowing authenticated users to inadver

CVE-2025-31957 LOW
2.6 May 06

HCL BigFix Service Management (SM) contains a cross-site request forgery (CSRF) vulnerability that allows authenticated

CVE-2025-31975 LOW
2.6 May 06

HCL BigFix Service Management exposes server banner information containing software versions and system details accessib

Share

EUVD-2025-209542 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy