CVE-2025-31974

all versions

HCL BigFix Service Management (SM) is susceptible to a Root File System Not Mounted as Read-Only. An improperly configured root fi

3.9LOW

CVE-2025-31960

all versions

HCL BigFix Service Management (SM) is vulnerable to information exposure due to improper error handling within its reporting modul

5.3MEDIUM

CVE-2024-30151

all versions

HCL BigFix Service Management (SX) is affected by a Broken Access Control vulnerability leading to privilege escalation. This cou

8.3HIGH

CVE-2025-52613

all versions

HCL BigFix Service Management (SM) is affected by use of a vulnerable WSGI Server was identified. Deploying an outdated or insecur

4.6MEDIUM

CVE-2025-31984

all versions

HCL BigFix Service Management (SM) is affected by a security misconfiguration due to a missing or insecure “X-Content-Type-Optio

3.7LOW

CVE-2025-31983

all versions

HCL BigFix Service Management (SM) is affected by a security misconfiguration vulnerability due to CSP header. This could allow a

3.7LOW

CVE-2025-31982

all versions

HCL BigFix Service Management (SM) had directories that were not linked or publicly visible but could be accessed directly. This c

3.7LOW

CVE-2025-31978

all versions

HCL BigFix Service Management (SM) does not adequately sanitize or safely render spreadsheet files (CSV, XLS, XLSX) before process

4.6MEDIUM

CVE-2025-31976

all versions

HCL BigFix Service Management (SM) is vulnerable to insufficiently protected credentials for a short duration while communicating

4.8MEDIUM

CVE-2025-31975

all versions

HCL BigFix Service Management (SM) is affected by an Information Disclosure - Server Banner issue was identified. Exposed server b

2.6LOW

CVE-2025-31959

all versions

HCL BigFix Service Management (SM) application fails to strip EXIF metadata from uploaded images. This could lead to confidential

3.5LOW

CVE-2025-31957

all versions

HHCL BigFix Service Management (SM) is affected by a Cross‑Site Request Forgery (CSRF) vulnerability. This could lead to unauth

2.6LOW

CVE-2025-31981

all versions

HCL BigFix Service Management (SM) Discovery is vulnerable to unenforced encryption due to port 80 (HTTP) being open, allowing une

5.3MEDIUM

CVE-2025-31958

all versions

HCL BigFix Service Management is susceptible to HTTP Request Smuggling. HTTP request smuggling vulnerabilities arise when websit

3.7LOW

CVE-2025-31977

all versions

HCL BigFix SM is affected by cryptographic weakness due to weak or outdated encryption algorithms. An attacker with network acce

5.3MEDIUM

CVE-2025-31972

all versions

HCL BigFix SM is affected by a Sensitive Information Exposure vulnerability where internal connections do not use TLS encryption w

6.5MEDIUM