Skip to main content

Bigfix Service Management

4 CVEs product

Monthly

CVE-2025-31985 LOW Monitor

Missing X-Content-Type-Options response header in HCL BigFix Service Management (SM) leaves browsers without MIME-type sniffing protection, creating conditions where malicious or ambiguously typed content served through the application could be misinterpreted and executed by a victim's browser. The CVSS score of 3.7 (Low) reflects genuine constraints: high attack complexity, required low-privilege authentication, and mandatory user interaction all limit realistic exploitability. No public exploit code exists and this vulnerability is not confirmed actively exploited (CISA KEV), consistent with its classification as a security misconfiguration rather than a critical flaw.

Information Disclosure Bigfix Service Management
NVD VulDB
CVSS 3.1
3.7
EPSS
0.0%
CVE-2025-31973 MEDIUM This Month

HCL BigFix Service Management (SM) ships container deployments built on outdated or insecure base images, inheriting known vulnerabilities from those upstream layers rather than introducing a discrete code-level flaw. The CVSS vector (AV:L/PR:H/UI:R) constrains real-world risk significantly: exploitation requires local access, high privileges, and user interaction, making opportunistic remote attack unlikely. The actual exploitability and impact depend entirely on which specific vulnerabilities are present in the underlying base image versions in use. No public exploit code and no CISA KEV listing exist at the time of analysis.

Information Disclosure Bigfix Service Management
NVD VulDB
CVSS 3.1
4.0
EPSS
0.0%
CVE-2025-31977 MEDIUM This Month

HCL BigFix SM is affected by cryptographic weakness due to weak or outdated encryption algorithms. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Bigfix Service Management
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-31972 MEDIUM This Month

HCL BigFix SM is affected by a Sensitive Information Exposure vulnerability where internal connections do not use TLS encryption which could allow an attacker unauthorized access to sensitive data. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure Bigfix Service Management
NVD
CVSS 3.1
6.5
EPSS
0.0%
EPSS 0% CVSS 3.7
LOW Monitor

Missing X-Content-Type-Options response header in HCL BigFix Service Management (SM) leaves browsers without MIME-type sniffing protection, creating conditions where malicious or ambiguously typed content served through the application could be misinterpreted and executed by a victim's browser. The CVSS score of 3.7 (Low) reflects genuine constraints: high attack complexity, required low-privilege authentication, and mandatory user interaction all limit realistic exploitability. No public exploit code exists and this vulnerability is not confirmed actively exploited (CISA KEV), consistent with its classification as a security misconfiguration rather than a critical flaw.

Information Disclosure Bigfix Service Management
NVD VulDB
EPSS 0% CVSS 4.0
MEDIUM This Month

HCL BigFix Service Management (SM) ships container deployments built on outdated or insecure base images, inheriting known vulnerabilities from those upstream layers rather than introducing a discrete code-level flaw. The CVSS vector (AV:L/PR:H/UI:R) constrains real-world risk significantly: exploitation requires local access, high privileges, and user interaction, making opportunistic remote attack unlikely. The actual exploitability and impact depend entirely on which specific vulnerabilities are present in the underlying base image versions in use. No public exploit code and no CISA KEV listing exist at the time of analysis.

Information Disclosure Bigfix Service Management
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM This Month

HCL BigFix SM is affected by cryptographic weakness due to weak or outdated encryption algorithms. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Bigfix Service Management
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

HCL BigFix SM is affected by a Sensitive Information Exposure vulnerability where internal connections do not use TLS encryption which could allow an attacker unauthorized access to sensitive data. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure Bigfix Service Management
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy