Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

BigFix Service Management (SM)

Source -

CNA

CNA CVEs -

3

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

0
Related CVEsRelated VendorsRelated AssignersReports
3Vulnerabilities found
CVE-2025-31979
Assigner-HCL Software
ShareView Details
Assigner-HCL Software
CVSS Score-5.4||MEDIUM
EPSS-Not Assigned
Published-28 Aug, 2025 | 17:06
Updated-28 Aug, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
A File Upload Validation Bypass vulnerability has been identified in the HCL BigFix Service Management (SM)

A File Upload Validation Bypass vulnerability has been identified in the HCL BigFix SM, where the application fails to properly enforce file type restrictions during the upload process. An attacker may exploit this flaw to upload malicious or unauthorized files, such as scripts, executables, or web shells, by bypassing client-side or server-side validation mechanisms.

Action-Not Available
Vendor-HCL Technologies Ltd.
Product-BigFix Service Management (SM)
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-31977
Assigner-HCL Software
ShareView Details
Assigner-HCL Software
CVSS Score-5.3||MEDIUM
EPSS-Not Assigned
Published-28 Aug, 2025 | 17:00
Updated-28 Aug, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
A cryptographic weakness has been identified in the HCL BigFix Service Management (SM)

HCL BigFix SM is affected by cryptographic weakness due to weak or outdated encryption algorithms.  An attacker with network access could exploit this weakness to decrypt or manipulate encrypted communications under certain conditions.

Action-Not Available
Vendor-HCL Technologies Ltd.
Product-BigFix Service Management (SM)
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CVE-2025-31972
Assigner-HCL Software
ShareView Details
Assigner-HCL Software
CVSS Score-6.5||MEDIUM
EPSS-Not Assigned
Published-28 Aug, 2025 | 16:50
Updated-28 Aug, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HCL BigFix Service Management (SM) is affected by a Sensitive Information Exposure vulnerability

HCL BigFix SM is affected by a Sensitive Information Exposure vulnerability where internal connections do not use TLS encryption which could allow an attacker unauthorized access to sensitive data transmitted between internal components.

Action-Not Available
Vendor-HCL Technologies Ltd.
Product-BigFix Service Management (SM)
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information