Search

Find a vulnerability

Search criteria

    16 vulnerabilities found for BigFix Service Management (SM) by HCL

    CVE-2025-31985 (GCVE-0-2025-31985)

    Vulnerability from nvd – Published: 2026-05-20 11:28 – Updated: 2026-05-20 12:50
    VLAI
    Title
    HCL BigFix Service Management (SM) is affected by a security misconfiguration due to a missing or insecure “X-Content-Type-Options” header
    Summary
    HCL BigFix Service Management (SM) is affected by a security misconfiguration due to a missing or insecure “X-Content-Type-Options” header. This could allow browsers to perform MIME-type sniffing, potentially causing malicious content to be interpreted and executed incorrectly.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    Assigner
    HCL
    Impacted products
    Date Public
    2026-05-06 16:15
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-31985",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-20T12:50:38.904607Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-20T12:50:45.836Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "BigFix Service Management (SM)",
              "vendor": "HCL",
              "versions": [
                {
                  "status": "affected",
                  "version": "23"
                }
              ]
            }
          ],
          "datePublic": "2026-05-06T16:15:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "HCL BigFix Service Management (SM) is affected by a security misconfiguration due to a missing or insecure \u201cX-Content-Type-Options\u201d header.  This could allow browsers to perform MIME-type sniffing, potentially causing malicious content to be interpreted and executed incorrectly."
                }
              ],
              "value": "HCL BigFix Service Management (SM) is affected by a security misconfiguration due to a missing or insecure \u201cX-Content-Type-Options\u201d header.  This could allow browsers to perform MIME-type sniffing, potentially causing malicious content to be interpreted and executed incorrectly."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 3.7,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-20T11:28:03.667Z",
            "orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
            "shortName": "HCL"
          },
          "references": [
            {
              "url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0128144"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "HCL BigFix Service Management (SM) is affected by a security misconfiguration due to a missing or insecure \u201cX-Content-Type-Options\u201d header",
          "x_generator": {
            "engine": "Vulnogram 1.0.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
        "assignerShortName": "HCL",
        "cveId": "CVE-2025-31985",
        "datePublished": "2026-05-20T11:28:03.667Z",
        "dateReserved": "2025-04-01T18:46:33.655Z",
        "dateUpdated": "2026-05-20T12:50:45.836Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-31973 (GCVE-0-2025-31973)

    Vulnerability from nvd – Published: 2026-05-20 11:25 – Updated: 2026-05-20 12:51
    VLAI
    Title
    HCL BigFix Service Management (SM) is susceptible to a Configuration – 'Insecure Use of Base Image Version'
    Summary
    HCL BigFix Service Management (SM) is susceptible to a Configuration – 'Insecure Use of Base Image Version'. Using outdated or insecure base images may introduce known vulnerabilities, potentially increasing the risk of exploitation in the application environment.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1395 - Dependency on Vulnerable Third-Party Component
    Assigner
    HCL
    Impacted products
    Date Public
    2026-05-06 11:25
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-31973",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-20T12:50:57.430915Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-20T12:51:05.651Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "BigFix Service Management (SM)",
              "vendor": "HCL",
              "versions": [
                {
                  "status": "affected",
                  "version": "23"
                }
              ]
            }
          ],
          "datePublic": "2026-05-06T11:25:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "HCL BigFix Service Management (SM) is susceptible to  a Configuration \u2013 \u0027Insecure Use of Base Image Version\u0027. Using outdated or insecure base images may introduce known vulnerabilities, potentially increasing the risk of exploitation in the application environment."
                }
              ],
              "value": "HCL BigFix Service Management (SM) is susceptible to  a Configuration \u2013 \u0027Insecure Use of Base Image Version\u0027. Using outdated or insecure base images may introduce known vulnerabilities, potentially increasing the risk of exploitation in the application environment."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1395",
                  "description": "CWE-1395: Dependency on Vulnerable Third-Party Component",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-20T11:25:44.157Z",
            "orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
            "shortName": "HCL"
          },
          "references": [
            {
              "url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0128144"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "HCL BigFix Service Management (SM) is susceptible to  a Configuration \u2013 \u0027Insecure Use of Base Image Version\u0027",
          "x_generator": {
            "engine": "Vulnogram 1.0.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
        "assignerShortName": "HCL",
        "cveId": "CVE-2025-31973",
        "datePublished": "2026-05-20T11:25:44.157Z",
        "dateReserved": "2025-04-01T18:46:26.620Z",
        "dateUpdated": "2026-05-20T12:51:05.651Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-31960 (GCVE-0-2025-31960)

    Vulnerability from nvd – Published: 2026-05-06 18:02 – Updated: 2026-05-06 18:31
    VLAI
    Title
    HCL BigFix Service Management (SM) is vulnerable to information exposure due to improper error handling within its reporting module
    Summary
    HCL BigFix Service Management (SM) is vulnerable to information exposure due to improper error handling within its reporting module. It was observed that supplying an invalid or out-of-range value to the consumer_company parameter during a report-viewing request causes the application to trigger an unhandled exception.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-209 - Generation of Error Message Containing Sensitive Information.
    Assigner
    HCL
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-31960",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-06T18:31:41.411240Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-06T18:31:51.261Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "BigFix Service Management (SM)",
              "vendor": "HCL",
              "versions": [
                {
                  "status": "affected",
                  "version": "23"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "HCL BigFix Service Management (SM) is vulnerable to information exposure due to improper error handling within its reporting module. It was observed that supplying an invalid or out-of-range value to the consumer_company parameter during a report-viewing request causes the application to trigger an unhandled exception."
                }
              ],
              "value": "HCL BigFix Service Management (SM) is vulnerable to information exposure due to improper error handling within its reporting module. It was observed that supplying an invalid or out-of-range value to the consumer_company parameter during a report-viewing request causes the application to trigger an unhandled exception."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-209",
                  "description": "CWE-209:  Generation of Error Message Containing Sensitive Information.",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-06T18:02:52.716Z",
            "orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
            "shortName": "HCL"
          },
          "references": [
            {
              "url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0128144"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "HCL BigFix Service Management (SM) is vulnerable to information exposure due to improper error handling within its reporting module",
          "x_generator": {
            "engine": "Vulnogram 1.0.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
        "assignerShortName": "HCL",
        "cveId": "CVE-2025-31960",
        "datePublished": "2026-05-06T18:02:52.716Z",
        "dateReserved": "2025-04-01T18:46:19.517Z",
        "dateUpdated": "2026-05-06T18:31:51.261Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-30151 (GCVE-0-2024-30151)

    Vulnerability from nvd – Published: 2026-05-06 18:14 – Updated: 2026-05-06 18:31
    VLAI
    Title
    HCL BigFix Service Management (SM) is susceptible to Broken Access Control Vulnerability
    Summary
    HCL BigFix Service Management (SX) is affected by a Broken Access Control vulnerability leading to privilege escalation. This could allow unauthorized users to gain elevated privileges, bypassing intended access restrictions. This may result in exposure of sensitive data or unauthorized system modifications
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-532 - Insertion of sensitive information into log file
    Assigner
    HCL
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-30151",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-06T18:31:13.077414Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-06T18:31:25.156Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "BigFix Service Management (SM)",
              "vendor": "HCL",
              "versions": [
                {
                  "status": "affected",
                  "version": "23"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "HCL BigFix Service Management (SX)  is affected by a Broken Access Control vulnerability leading to privilege escalation. This could allow unauthorized users to gain elevated privileges, bypassing intended access restrictions. This may result in exposure of sensitive data or unauthorized system modifications"
                }
              ],
              "value": "HCL BigFix Service Management (SX)  is affected by a Broken Access Control vulnerability leading to privilege escalation. This could allow unauthorized users to gain elevated privileges, bypassing intended access restrictions. This may result in exposure of sensitive data or unauthorized system modifications"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 8.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-532",
                  "description": "CWE-532 Insertion of sensitive information into log file",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-06T18:14:11.693Z",
            "orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
            "shortName": "HCL"
          },
          "references": [
            {
              "url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0127782"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "HCL BigFix Service Management (SM) is susceptible to Broken Access Control Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 1.0.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
        "assignerShortName": "HCL",
        "cveId": "CVE-2024-30151",
        "datePublished": "2026-05-06T18:14:11.693Z",
        "dateReserved": "2024-03-22T23:57:26.413Z",
        "dateUpdated": "2026-05-06T18:31:25.156Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-52613 (GCVE-0-2025-52613)

    Vulnerability from nvd – Published: 2026-05-06 13:50 – Updated: 2026-05-06 14:46
    VLAI
    Title
    HCL BigFix Service Management (SM) is affected by use of a vulnerable component
    Summary
    HCL BigFix Service Management (SM) is affected by use of a vulnerable WSGI Server was identified. Deploying an outdated or insecure WSGI server may expose the application to known security weaknesses, potentially increasing the risk of exploitation and unauthorized access.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    Assigner
    HCL
    Impacted products
    Date Public
    2026-05-06 16:15
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-52613",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-06T14:46:43.828830Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-06T14:46:49.273Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "BigFix Service Management (SM)",
              "vendor": "HCL",
              "versions": [
                {
                  "status": "affected",
                  "version": "23"
                }
              ]
            }
          ],
          "datePublic": "2026-05-06T16:15:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "HCL BigFix Service Management (SM) is affected by use of a vulnerable WSGI Server was identified. Deploying an outdated or insecure WSGI server may expose the application to known security weaknesses, potentially increasing the risk of exploitation and unauthorized access."
                }
              ],
              "value": "HCL BigFix Service Management (SM) is affected by use of a vulnerable WSGI Server was identified. Deploying an outdated or insecure WSGI server may expose the application to known security weaknesses, potentially increasing the risk of exploitation and unauthorized access."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 4.6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-06T13:50:47.494Z",
            "orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
            "shortName": "HCL"
          },
          "references": [
            {
              "url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0128144"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "HCL BigFix Service Management (SM) is affected by use of a vulnerable component",
          "x_generator": {
            "engine": "Vulnogram 1.0.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
        "assignerShortName": "HCL",
        "cveId": "CVE-2025-52613",
        "datePublished": "2026-05-06T13:50:47.494Z",
        "dateReserved": "2025-06-18T14:00:40.357Z",
        "dateUpdated": "2026-05-06T14:46:49.273Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-31984 (GCVE-0-2025-31984)

    Vulnerability from nvd – Published: 2026-05-06 13:44 – Updated: 2026-05-06 14:48
    VLAI
    Title
    HCL BigFix Service Management (SM) is affected by a security misconfiguration due to a missing or insecure “X-Content-Type-Options” header
    Summary
    HCL BigFix Service Management (SM) is affected by a security misconfiguration due to a missing or insecure “X-Content-Type-Options” header. This could allow browsers to perform MIME-type sniffing, potentially causing malicious content to be interpreted and executed incorrectly.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    Assigner
    HCL
    Impacted products
    Date Public
    2026-05-06 16:15
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-31984",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-06T14:48:32.215798Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-06T14:48:38.299Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "BigFix Service Management (SM)",
              "vendor": "HCL",
              "versions": [
                {
                  "status": "affected",
                  "version": "23"
                }
              ]
            }
          ],
          "datePublic": "2026-05-06T16:15:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "HCL BigFix Service Management (SM) is affected by a security misconfiguration due to a missing or insecure \u201cX-Content-Type-Options\u201d header.  This could allow browsers to perform MIME-type sniffing, potentially causing malicious content to be interpreted and executed incorrectly."
                }
              ],
              "value": "HCL BigFix Service Management (SM) is affected by a security misconfiguration due to a missing or insecure \u201cX-Content-Type-Options\u201d header.  This could allow browsers to perform MIME-type sniffing, potentially causing malicious content to be interpreted and executed incorrectly."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 3.7,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-06T13:44:09.531Z",
            "orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
            "shortName": "HCL"
          },
          "references": [
            {
              "url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0128144"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "HCL BigFix Service Management (SM) is affected by a security misconfiguration due to a missing or insecure \u201cX-Content-Type-Options\u201d header",
          "x_generator": {
            "engine": "Vulnogram 1.0.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
        "assignerShortName": "HCL",
        "cveId": "CVE-2025-31984",
        "datePublished": "2026-05-06T13:44:09.531Z",
        "dateReserved": "2025-04-01T18:46:33.655Z",
        "dateUpdated": "2026-05-06T14:48:38.299Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-31983 (GCVE-0-2025-31983)

    Vulnerability from nvd – Published: 2026-05-06 13:40 – Updated: 2026-05-06 14:49
    VLAI
    Title
    HCL BigFix Service Management (SM) is affected by a security misconfiguration vulnerability due to CSP header
    Summary
    HCL BigFix Service Management (SM) is affected by a security misconfiguration vulnerability due to CSP header. This could allow attackers to inject malicious scripts increasing the risk of cross-site scripting (XSS) and potential exposure of sensitive information.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-358 - Improperly Implemented Security Check for Standard
    Assigner
    HCL
    Impacted products
    Date Public
    2026-05-06 16:15
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-31983",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-06T14:48:57.788021Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-06T14:49:05.461Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "BigFix Service Management (SM)",
              "vendor": "HCL",
              "versions": [
                {
                  "status": "affected",
                  "version": "23"
                }
              ]
            }
          ],
          "datePublic": "2026-05-06T16:15:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "HCL BigFix Service Management (SM) is affected by a security misconfiguration vulnerability due to CSP header.  This could allow attackers to inject malicious scripts increasing the risk of cross-site scripting (XSS) and potential exposure of sensitive information."
                }
              ],
              "value": "HCL BigFix Service Management (SM) is affected by a security misconfiguration vulnerability due to CSP header.  This could allow attackers to inject malicious scripts increasing the risk of cross-site scripting (XSS) and potential exposure of sensitive information."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 3.7,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-358",
                  "description": "CWE-358: Improperly Implemented Security Check for Standard",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-06T13:40:41.736Z",
            "orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
            "shortName": "HCL"
          },
          "references": [
            {
              "url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0128144"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "HCL BigFix Service Management (SM) is affected by a security misconfiguration vulnerability due to CSP header",
          "x_generator": {
            "engine": "Vulnogram 1.0.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
        "assignerShortName": "HCL",
        "cveId": "CVE-2025-31983",
        "datePublished": "2026-05-06T13:40:41.736Z",
        "dateReserved": "2025-04-01T18:46:33.655Z",
        "dateUpdated": "2026-05-06T14:49:05.461Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-31975 (GCVE-0-2025-31975)

    Vulnerability from nvd – Published: 2026-05-06 13:51 – Updated: 2026-05-06 14:46
    VLAI
    Title
    HCL BigFix Service Management (SM) is affected by an Information Disclosure – Server Banner issue was identified.
    Summary
    HCL BigFix Service Management (SM) is affected by an Information Disclosure – Server Banner issue was identified. Exposed server banners may reveal software versions and system details, potentially aiding attackers in targeting known vulnerabilities.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    Assigner
    HCL
    Impacted products
    Date Public
    2026-05-06 16:15
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-31975",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-06T14:46:25.901838Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-06T14:46:31.277Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "BigFix Service Management (SM)",
              "vendor": "HCL",
              "versions": [
                {
                  "status": "affected",
                  "version": "23"
                }
              ]
            }
          ],
          "datePublic": "2026-05-06T16:15:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "HCL BigFix Service Management (SM) is affected by an Information Disclosure \u2013 Server Banner issue was identified. Exposed server banners may reveal software versions and system details, potentially aiding attackers in targeting known vulnerabilities."
                }
              ],
              "value": "HCL BigFix Service Management (SM) is affected by an Information Disclosure \u2013 Server Banner issue was identified. Exposed server banners may reveal software versions and system details, potentially aiding attackers in targeting known vulnerabilities."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 2.6,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-06T13:51:40.756Z",
            "orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
            "shortName": "HCL"
          },
          "references": [
            {
              "url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0128144"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "HCL BigFix Service Management (SM) is affected by an Information Disclosure \u2013 Server Banner issue was identified.",
          "x_generator": {
            "engine": "Vulnogram 1.0.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
        "assignerShortName": "HCL",
        "cveId": "CVE-2025-31975",
        "datePublished": "2026-05-06T13:51:40.756Z",
        "dateReserved": "2025-04-01T18:46:26.620Z",
        "dateUpdated": "2026-05-06T14:46:31.277Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-31985 (GCVE-0-2025-31985)

    Vulnerability from cvelistv5 – Published: 2026-05-20 11:28 – Updated: 2026-05-20 12:50
    VLAI
    Title
    HCL BigFix Service Management (SM) is affected by a security misconfiguration due to a missing or insecure “X-Content-Type-Options” header
    Summary
    HCL BigFix Service Management (SM) is affected by a security misconfiguration due to a missing or insecure “X-Content-Type-Options” header. This could allow browsers to perform MIME-type sniffing, potentially causing malicious content to be interpreted and executed incorrectly.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    Assigner
    HCL
    Impacted products
    Date Public
    2026-05-06 16:15
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-31985",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-20T12:50:38.904607Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-20T12:50:45.836Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "BigFix Service Management (SM)",
              "vendor": "HCL",
              "versions": [
                {
                  "status": "affected",
                  "version": "23"
                }
              ]
            }
          ],
          "datePublic": "2026-05-06T16:15:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "HCL BigFix Service Management (SM) is affected by a security misconfiguration due to a missing or insecure \u201cX-Content-Type-Options\u201d header.  This could allow browsers to perform MIME-type sniffing, potentially causing malicious content to be interpreted and executed incorrectly."
                }
              ],
              "value": "HCL BigFix Service Management (SM) is affected by a security misconfiguration due to a missing or insecure \u201cX-Content-Type-Options\u201d header.  This could allow browsers to perform MIME-type sniffing, potentially causing malicious content to be interpreted and executed incorrectly."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 3.7,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-20T11:28:03.667Z",
            "orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
            "shortName": "HCL"
          },
          "references": [
            {
              "url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0128144"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "HCL BigFix Service Management (SM) is affected by a security misconfiguration due to a missing or insecure \u201cX-Content-Type-Options\u201d header",
          "x_generator": {
            "engine": "Vulnogram 1.0.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
        "assignerShortName": "HCL",
        "cveId": "CVE-2025-31985",
        "datePublished": "2026-05-20T11:28:03.667Z",
        "dateReserved": "2025-04-01T18:46:33.655Z",
        "dateUpdated": "2026-05-20T12:50:45.836Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-31973 (GCVE-0-2025-31973)

    Vulnerability from cvelistv5 – Published: 2026-05-20 11:25 – Updated: 2026-05-20 12:51
    VLAI
    Title
    HCL BigFix Service Management (SM) is susceptible to a Configuration – 'Insecure Use of Base Image Version'
    Summary
    HCL BigFix Service Management (SM) is susceptible to a Configuration – 'Insecure Use of Base Image Version'. Using outdated or insecure base images may introduce known vulnerabilities, potentially increasing the risk of exploitation in the application environment.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1395 - Dependency on Vulnerable Third-Party Component
    Assigner
    HCL
    Impacted products
    Date Public
    2026-05-06 11:25
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-31973",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-20T12:50:57.430915Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-20T12:51:05.651Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "BigFix Service Management (SM)",
              "vendor": "HCL",
              "versions": [
                {
                  "status": "affected",
                  "version": "23"
                }
              ]
            }
          ],
          "datePublic": "2026-05-06T11:25:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "HCL BigFix Service Management (SM) is susceptible to  a Configuration \u2013 \u0027Insecure Use of Base Image Version\u0027. Using outdated or insecure base images may introduce known vulnerabilities, potentially increasing the risk of exploitation in the application environment."
                }
              ],
              "value": "HCL BigFix Service Management (SM) is susceptible to  a Configuration \u2013 \u0027Insecure Use of Base Image Version\u0027. Using outdated or insecure base images may introduce known vulnerabilities, potentially increasing the risk of exploitation in the application environment."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1395",
                  "description": "CWE-1395: Dependency on Vulnerable Third-Party Component",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-20T11:25:44.157Z",
            "orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
            "shortName": "HCL"
          },
          "references": [
            {
              "url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0128144"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "HCL BigFix Service Management (SM) is susceptible to  a Configuration \u2013 \u0027Insecure Use of Base Image Version\u0027",
          "x_generator": {
            "engine": "Vulnogram 1.0.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
        "assignerShortName": "HCL",
        "cveId": "CVE-2025-31973",
        "datePublished": "2026-05-20T11:25:44.157Z",
        "dateReserved": "2025-04-01T18:46:26.620Z",
        "dateUpdated": "2026-05-20T12:51:05.651Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-30151 (GCVE-0-2024-30151)

    Vulnerability from cvelistv5 – Published: 2026-05-06 18:14 – Updated: 2026-05-06 18:31
    VLAI
    Title
    HCL BigFix Service Management (SM) is susceptible to Broken Access Control Vulnerability
    Summary
    HCL BigFix Service Management (SX) is affected by a Broken Access Control vulnerability leading to privilege escalation. This could allow unauthorized users to gain elevated privileges, bypassing intended access restrictions. This may result in exposure of sensitive data or unauthorized system modifications
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-532 - Insertion of sensitive information into log file
    Assigner
    HCL
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-30151",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-06T18:31:13.077414Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-06T18:31:25.156Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "BigFix Service Management (SM)",
              "vendor": "HCL",
              "versions": [
                {
                  "status": "affected",
                  "version": "23"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "HCL BigFix Service Management (SX)  is affected by a Broken Access Control vulnerability leading to privilege escalation. This could allow unauthorized users to gain elevated privileges, bypassing intended access restrictions. This may result in exposure of sensitive data or unauthorized system modifications"
                }
              ],
              "value": "HCL BigFix Service Management (SX)  is affected by a Broken Access Control vulnerability leading to privilege escalation. This could allow unauthorized users to gain elevated privileges, bypassing intended access restrictions. This may result in exposure of sensitive data or unauthorized system modifications"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 8.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-532",
                  "description": "CWE-532 Insertion of sensitive information into log file",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-06T18:14:11.693Z",
            "orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
            "shortName": "HCL"
          },
          "references": [
            {
              "url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0127782"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "HCL BigFix Service Management (SM) is susceptible to Broken Access Control Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 1.0.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
        "assignerShortName": "HCL",
        "cveId": "CVE-2024-30151",
        "datePublished": "2026-05-06T18:14:11.693Z",
        "dateReserved": "2024-03-22T23:57:26.413Z",
        "dateUpdated": "2026-05-06T18:31:25.156Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-31960 (GCVE-0-2025-31960)

    Vulnerability from cvelistv5 – Published: 2026-05-06 18:02 – Updated: 2026-05-06 18:31
    VLAI
    Title
    HCL BigFix Service Management (SM) is vulnerable to information exposure due to improper error handling within its reporting module
    Summary
    HCL BigFix Service Management (SM) is vulnerable to information exposure due to improper error handling within its reporting module. It was observed that supplying an invalid or out-of-range value to the consumer_company parameter during a report-viewing request causes the application to trigger an unhandled exception.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-209 - Generation of Error Message Containing Sensitive Information.
    Assigner
    HCL
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-31960",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-06T18:31:41.411240Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-06T18:31:51.261Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "BigFix Service Management (SM)",
              "vendor": "HCL",
              "versions": [
                {
                  "status": "affected",
                  "version": "23"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "HCL BigFix Service Management (SM) is vulnerable to information exposure due to improper error handling within its reporting module. It was observed that supplying an invalid or out-of-range value to the consumer_company parameter during a report-viewing request causes the application to trigger an unhandled exception."
                }
              ],
              "value": "HCL BigFix Service Management (SM) is vulnerable to information exposure due to improper error handling within its reporting module. It was observed that supplying an invalid or out-of-range value to the consumer_company parameter during a report-viewing request causes the application to trigger an unhandled exception."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-209",
                  "description": "CWE-209:  Generation of Error Message Containing Sensitive Information.",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-06T18:02:52.716Z",
            "orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
            "shortName": "HCL"
          },
          "references": [
            {
              "url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0128144"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "HCL BigFix Service Management (SM) is vulnerable to information exposure due to improper error handling within its reporting module",
          "x_generator": {
            "engine": "Vulnogram 1.0.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
        "assignerShortName": "HCL",
        "cveId": "CVE-2025-31960",
        "datePublished": "2026-05-06T18:02:52.716Z",
        "dateReserved": "2025-04-01T18:46:19.517Z",
        "dateUpdated": "2026-05-06T18:31:51.261Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-31975 (GCVE-0-2025-31975)

    Vulnerability from cvelistv5 – Published: 2026-05-06 13:51 – Updated: 2026-05-06 14:46
    VLAI
    Title
    HCL BigFix Service Management (SM) is affected by an Information Disclosure – Server Banner issue was identified.
    Summary
    HCL BigFix Service Management (SM) is affected by an Information Disclosure – Server Banner issue was identified. Exposed server banners may reveal software versions and system details, potentially aiding attackers in targeting known vulnerabilities.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    Assigner
    HCL
    Impacted products
    Date Public
    2026-05-06 16:15
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-31975",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-06T14:46:25.901838Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-06T14:46:31.277Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "BigFix Service Management (SM)",
              "vendor": "HCL",
              "versions": [
                {
                  "status": "affected",
                  "version": "23"
                }
              ]
            }
          ],
          "datePublic": "2026-05-06T16:15:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "HCL BigFix Service Management (SM) is affected by an Information Disclosure \u2013 Server Banner issue was identified. Exposed server banners may reveal software versions and system details, potentially aiding attackers in targeting known vulnerabilities."
                }
              ],
              "value": "HCL BigFix Service Management (SM) is affected by an Information Disclosure \u2013 Server Banner issue was identified. Exposed server banners may reveal software versions and system details, potentially aiding attackers in targeting known vulnerabilities."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 2.6,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-06T13:51:40.756Z",
            "orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
            "shortName": "HCL"
          },
          "references": [
            {
              "url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0128144"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "HCL BigFix Service Management (SM) is affected by an Information Disclosure \u2013 Server Banner issue was identified.",
          "x_generator": {
            "engine": "Vulnogram 1.0.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
        "assignerShortName": "HCL",
        "cveId": "CVE-2025-31975",
        "datePublished": "2026-05-06T13:51:40.756Z",
        "dateReserved": "2025-04-01T18:46:26.620Z",
        "dateUpdated": "2026-05-06T14:46:31.277Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-52613 (GCVE-0-2025-52613)

    Vulnerability from cvelistv5 – Published: 2026-05-06 13:50 – Updated: 2026-05-06 14:46
    VLAI
    Title
    HCL BigFix Service Management (SM) is affected by use of a vulnerable component
    Summary
    HCL BigFix Service Management (SM) is affected by use of a vulnerable WSGI Server was identified. Deploying an outdated or insecure WSGI server may expose the application to known security weaknesses, potentially increasing the risk of exploitation and unauthorized access.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    Assigner
    HCL
    Impacted products
    Date Public
    2026-05-06 16:15
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-52613",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-06T14:46:43.828830Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-06T14:46:49.273Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "BigFix Service Management (SM)",
              "vendor": "HCL",
              "versions": [
                {
                  "status": "affected",
                  "version": "23"
                }
              ]
            }
          ],
          "datePublic": "2026-05-06T16:15:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "HCL BigFix Service Management (SM) is affected by use of a vulnerable WSGI Server was identified. Deploying an outdated or insecure WSGI server may expose the application to known security weaknesses, potentially increasing the risk of exploitation and unauthorized access."
                }
              ],
              "value": "HCL BigFix Service Management (SM) is affected by use of a vulnerable WSGI Server was identified. Deploying an outdated or insecure WSGI server may expose the application to known security weaknesses, potentially increasing the risk of exploitation and unauthorized access."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 4.6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-06T13:50:47.494Z",
            "orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
            "shortName": "HCL"
          },
          "references": [
            {
              "url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0128144"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "HCL BigFix Service Management (SM) is affected by use of a vulnerable component",
          "x_generator": {
            "engine": "Vulnogram 1.0.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
        "assignerShortName": "HCL",
        "cveId": "CVE-2025-52613",
        "datePublished": "2026-05-06T13:50:47.494Z",
        "dateReserved": "2025-06-18T14:00:40.357Z",
        "dateUpdated": "2026-05-06T14:46:49.273Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-31984 (GCVE-0-2025-31984)

    Vulnerability from cvelistv5 – Published: 2026-05-06 13:44 – Updated: 2026-05-06 14:48
    VLAI
    Title
    HCL BigFix Service Management (SM) is affected by a security misconfiguration due to a missing or insecure “X-Content-Type-Options” header
    Summary
    HCL BigFix Service Management (SM) is affected by a security misconfiguration due to a missing or insecure “X-Content-Type-Options” header. This could allow browsers to perform MIME-type sniffing, potentially causing malicious content to be interpreted and executed incorrectly.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    Assigner
    HCL
    Impacted products
    Date Public
    2026-05-06 16:15
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-31984",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-06T14:48:32.215798Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-06T14:48:38.299Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "BigFix Service Management (SM)",
              "vendor": "HCL",
              "versions": [
                {
                  "status": "affected",
                  "version": "23"
                }
              ]
            }
          ],
          "datePublic": "2026-05-06T16:15:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "HCL BigFix Service Management (SM) is affected by a security misconfiguration due to a missing or insecure \u201cX-Content-Type-Options\u201d header.  This could allow browsers to perform MIME-type sniffing, potentially causing malicious content to be interpreted and executed incorrectly."
                }
              ],
              "value": "HCL BigFix Service Management (SM) is affected by a security misconfiguration due to a missing or insecure \u201cX-Content-Type-Options\u201d header.  This could allow browsers to perform MIME-type sniffing, potentially causing malicious content to be interpreted and executed incorrectly."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 3.7,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-06T13:44:09.531Z",
            "orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
            "shortName": "HCL"
          },
          "references": [
            {
              "url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0128144"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "HCL BigFix Service Management (SM) is affected by a security misconfiguration due to a missing or insecure \u201cX-Content-Type-Options\u201d header",
          "x_generator": {
            "engine": "Vulnogram 1.0.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
        "assignerShortName": "HCL",
        "cveId": "CVE-2025-31984",
        "datePublished": "2026-05-06T13:44:09.531Z",
        "dateReserved": "2025-04-01T18:46:33.655Z",
        "dateUpdated": "2026-05-06T14:48:38.299Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-31983 (GCVE-0-2025-31983)

    Vulnerability from cvelistv5 – Published: 2026-05-06 13:40 – Updated: 2026-05-06 14:49
    VLAI
    Title
    HCL BigFix Service Management (SM) is affected by a security misconfiguration vulnerability due to CSP header
    Summary
    HCL BigFix Service Management (SM) is affected by a security misconfiguration vulnerability due to CSP header. This could allow attackers to inject malicious scripts increasing the risk of cross-site scripting (XSS) and potential exposure of sensitive information.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-358 - Improperly Implemented Security Check for Standard
    Assigner
    HCL
    Impacted products
    Date Public
    2026-05-06 16:15
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-31983",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-06T14:48:57.788021Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-06T14:49:05.461Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "BigFix Service Management (SM)",
              "vendor": "HCL",
              "versions": [
                {
                  "status": "affected",
                  "version": "23"
                }
              ]
            }
          ],
          "datePublic": "2026-05-06T16:15:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "HCL BigFix Service Management (SM) is affected by a security misconfiguration vulnerability due to CSP header.  This could allow attackers to inject malicious scripts increasing the risk of cross-site scripting (XSS) and potential exposure of sensitive information."
                }
              ],
              "value": "HCL BigFix Service Management (SM) is affected by a security misconfiguration vulnerability due to CSP header.  This could allow attackers to inject malicious scripts increasing the risk of cross-site scripting (XSS) and potential exposure of sensitive information."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 3.7,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-358",
                  "description": "CWE-358: Improperly Implemented Security Check for Standard",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-06T13:40:41.736Z",
            "orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
            "shortName": "HCL"
          },
          "references": [
            {
              "url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0128144"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "HCL BigFix Service Management (SM) is affected by a security misconfiguration vulnerability due to CSP header",
          "x_generator": {
            "engine": "Vulnogram 1.0.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
        "assignerShortName": "HCL",
        "cveId": "CVE-2025-31983",
        "datePublished": "2026-05-06T13:40:41.736Z",
        "dateReserved": "2025-04-01T18:46:33.655Z",
        "dateUpdated": "2026-05-06T14:49:05.461Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }