CVE-2025-31965
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-07-29
Last updated on: 2025-07-31
Assigner: HCL Software
Description
Description
Improper access restrictions in HCL BigFix Remote Control Server WebUI (versions 10.1.0.0248 and lower) allow non-admin users to view unauthorized information on certain web pages.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| hcl | bigfix_remote_control_server | 10.1.0.0248 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-305 | The authentication algorithm is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is due to improper access restrictions in the HCL BigFix Remote Control Server WebUI (versions 10.1.0.0248 and lower), which allows non-admin users to view information on certain web pages that they are not authorized to see.
How can this vulnerability impact me? :
The vulnerability can impact you by allowing non-admin users to access sensitive or unauthorized information through the web interface, potentially leading to information disclosure and increased risk to system integrity and confidentiality.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70