CVE-2025-31972
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-08-28
Last updated on: 2025-10-29
Assigner: HCL Software
Description
Description
HCL BigFix SM is affected by a Sensitive Information Exposure vulnerability where internal connections do not use TLS encryption which could allow an attacker unauthorized access to sensitive data transmitted between internal components.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| hcltech | bigfix_service_management | 23.0 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-319 | The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in HCL BigFix SM involves sensitive information exposure because internal connections between components do not use TLS encryption. This lack of encryption could allow an attacker to intercept and access sensitive data transmitted internally.
How can this vulnerability impact me? :
The vulnerability could allow an attacker to gain unauthorized access to sensitive data transmitted between internal components of HCL BigFix SM, potentially leading to data breaches or exposure of confidential information.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70