Hcltech Bigfix Service Management — known CVE vulnerabilities
Every CVE whose affected-product data names Hcltech Bigfix Service Management, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (18)
CVE-2024-30151 — CVSS 8.3 (high): HCL BigFix Service Management (SX) is affected by a Broken Access Control vulnerability leading to privilege escalation. This could allow…
CVE-2025-31972 — CVSS 6.5 (medium): HCL BigFix SM is affected by a Sensitive Information Exposure vulnerability where internal connections do not use TLS encryption which…
CVE-2025-31981 — CVSS 5.3 (medium): HCL BigFix Service Management (SM) Discovery is vulnerable to unenforced encryption due to port 80 (HTTP) being open, allowing unencrypted…
CVE-2025-31977 — CVSS 5.3 (medium): HCL BigFix SM is affected by cryptographic weakness due to weak or outdated encryption algorithms. An attacker with network access could…
CVE-2025-31960 — CVSS 5.3 (medium): HCL BigFix Service Management (SM) is vulnerable to information exposure due to improper error handling within its reporting module. It was…
CVE-2025-31976 — CVSS 4.8 (medium): HCL BigFix Service Management (SM) is vulnerable to insufficiently protected credentials for a short duration while communicating with a…
CVE-2025-31978 — CVSS 4.6 (medium): HCL BigFix Service Management (SM) does not adequately sanitize or safely render spreadsheet files (CSV, XLS, XLSX) before processing or…
CVE-2025-52613 — CVSS 4.6 (medium): HCL BigFix Service Management (SM) is affected by use of a vulnerable WSGI Server was identified. Deploying an outdated or insecure WSGI…
CVE-2025-31973 — CVSS 4.0 (medium): HCL BigFix Service Management (SM) is susceptible to a Configuration – 'Insecure Use of Base Image Version'. Using outdated or insecure…
CVE-2025-31974 — CVSS 3.9 (low): HCL BigFix Service Management (SM) is susceptible to a Root File System Not Mounted as Read-Only. An improperly configured root file system…
CVE-2025-31958 — CVSS 3.7 (low): HCL BigFix Service Management is susceptible to HTTP Request Smuggling. HTTP request smuggling vulnerabilities arise when websites route…
CVE-2025-31982 — CVSS 3.7 (low): HCL BigFix Service Management (SM) had directories that were not linked or publicly visible but could be accessed directly. This could…
CVE-2025-31983 — CVSS 3.7 (low): HCL BigFix Service Management (SM) is affected by a security misconfiguration vulnerability due to CSP header. This could allow attackers…
CVE-2025-31984 — CVSS 3.7 (low): HCL BigFix Service Management (SM) is affected by a security misconfiguration due to a missing or insecure “X-Content-Type-Options”…
CVE-2025-31985 — CVSS 3.7 (low): HCL BigFix Service Management (SM) is affected by a security misconfiguration due to a missing or insecure “X-Content-Type-Options”…
CVE-2025-31959 — CVSS 3.5 (low): HCL BigFix Service Management (SM) application fails to strip EXIF metadata from uploaded images. This could lead to confidentiality and…
CVE-2025-31957 — CVSS 2.6 (low): HHCL BigFix Service Management (SM) is affected by a Cross‑Site Request Forgery (CSRF) vulnerability. This could lead to unauthorized…
CVE-2025-31975 — CVSS 2.6 (low): HCL BigFix Service Management (SM) is affected by an Information Disclosure – Server Banner issue was identified. Exposed server banners…