Hcltech Bigfix_service_management
14 CVEs affecting Hcltech Bigfix_service_management. Latest disclosed: 2026-05-20. Critical: 0, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2024-30151 | High | 8.3 | 2026-05-06 | HCL BigFix Service Management (SX) is affected by a Broken Access Control vulnerability leading to privilege escalation. This could allow unauthorized users t… |
| CVE-2025-31960 | Medium | 5.3 | 2026-05-06 | HCL BigFix Service Management (SM) is vulnerable to information exposure due to improper error handling within its reporting module. It was observed that suppl… |
| CVE-2025-31976 | Medium | 4.8 | 2026-05-06 | HCL BigFix Service Management (SM) is vulnerable to insufficiently protected credentials for a short duration while communicating with a backend, internal appl… |
| CVE-2025-52613 | Medium | 4.6 | 2026-05-06 | HCL BigFix Service Management (SM) is affected by use of a vulnerable WSGI Server was identified. Deploying an outdated or insecure WSGI server may expose the… |
| CVE-2025-31978 | Medium | 4.6 | 2026-05-06 | HCL BigFix Service Management (SM) does not adequately sanitize or safely render spreadsheet files (CSV, XLS, XLSX) before processing or distributing them. An… |
| CVE-2025-31973 | Medium | 4.0 | 2026-05-20 | HCL BigFix Service Management (SM) is susceptible to a Configuration – 'Insecure Use of Base Image Version'. Using outdated or insecure base images may introd… |
| CVE-2025-31974 | Low | 3.9 | 2026-05-06 | HCL BigFix Service Management (SM) is susceptible to a Root File System Not Mounted as Read-Only. An improperly configured root file system may allow unintend… |
| CVE-2025-31985 | Low | 3.7 | 2026-05-20 | HCL BigFix Service Management (SM) is affected by a security misconfiguration due to a missing or insecure “X-Content-Type-Options” header. This could allow b… |
| CVE-2025-31984 | Low | 3.7 | 2026-05-06 | HCL BigFix Service Management (SM) is affected by a security misconfiguration due to a missing or insecure “X-Content-Type-Options” header. This could allow b… |
| CVE-2025-31983 | Low | 3.7 | 2026-05-06 | HCL BigFix Service Management (SM) is affected by a security misconfiguration vulnerability due to CSP header. This could allow attackers to inject malicious… |
| CVE-2025-31982 | Low | 3.7 | 2026-05-06 | HCL BigFix Service Management (SM) had directories that were not linked or publicly visible but could be accessed directly. This could allow an increased risk… |
| CVE-2025-31959 | Low | 3.5 | 2026-05-06 | HCL BigFix Service Management (SM) application fails to strip EXIF metadata from uploaded images. This could lead to confidentiality and privacy risks if sens… |
| CVE-2025-31975 | Low | 2.6 | 2026-05-06 | HCL BigFix Service Management (SM) is affected by an Information Disclosure – Server Banner issue was identified. Exposed server banners may reveal software ve… |
| CVE-2025-31957 | Low | 2.6 | 2026-05-06 | HCL BigFix Service Management (SM) is affected by a Cross‑Site Request Forgery (CSRF) vulnerability. This could lead to unauthorized changes or exposure of s… |