Skip to main content

Bigfix Cloud Lifecycle Management

1 CVEs product

Monthly

CVE-2025-62338 LOW Monitor

Local information exposure in HCL BigFix Cloud Lifecycle Management stems from insufficient input validation, allowing a locally authenticated low-privileged user to access data they should not be authorized to view. The CVSS vector (AV:L/AC:L/PR:L/UI:N) confirms exploitation requires local system access and a low-privilege account. No active exploitation has been confirmed and no public exploit code is known at time of analysis. Despite a tag of 'Authentication Bypass,' the PR:L vector indicates some authentication is required - this discrepancy should be clarified with the vendor advisory.

Authentication Bypass Information Disclosure Bigfix Cloud Lifecycle Management
NVD VulDB
CVSS 3.1
3.3
EPSS
0.0%
EPSS 0% CVSS 3.3
LOW Monitor

Local information exposure in HCL BigFix Cloud Lifecycle Management stems from insufficient input validation, allowing a locally authenticated low-privileged user to access data they should not be authorized to view. The CVSS vector (AV:L/AC:L/PR:L/UI:N) confirms exploitation requires local system access and a low-privilege account. No active exploitation has been confirmed and no public exploit code is known at time of analysis. Despite a tag of 'Authentication Bypass,' the PR:L vector indicates some authentication is required - this discrepancy should be clarified with the vendor advisory.

Authentication Bypass Information Disclosure Bigfix Cloud Lifecycle Management
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy