CVEFinder.io

CVE-2025-31976

πŸ”Ά medium
πŸ” Scan for this CVE
Summary

HCL BigFix Service Management (SM) is vulnerable to insufficiently protected credentials for a short duration while communicating with a backend, internal application which could allow an attacker to potentially misuse them, if exfiltrated. .

CVSS Score
4.8
Medium
EPSS Score
0.0
Exploit Probability
Published Date
2026-05-06
First Seen: 2026-05-10
πŸ“Š Relative Risk Intelligence

This CVE is Lower Risk - more severe than 13.8% of all 330,193 vulnerabilities in our database.

#284,724
Below average severity
Severity Percentile
🎯 CISA SSVC Assessment Updated: May 6, 2026
πŸ” Exploitation Status
None
No known exploits
βš™οΈ Automatable
NO
Requires human interaction
πŸ’₯ Technical Impact
Partial
Limited system impact
SSVC data provided by CISA
Last Modified 2026-05-07
Source NVD πŸ”—
CVSS Vector 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
CWE IDs (Weakness Types)
CWE-200 CWE-522

πŸ“¦ Affected Products 1

Vendor Product Status Affected Versions
hcltech bigfix_service_management Affected
v23.0

πŸ”— References 1

https://support.hcl-software.com/csm?id=kb_article&s...
Vendor Advisory

πŸ”— Related CVEs 6

CVE ID Severity CVSS EPSS Summary Published
CVE-2025-31973 πŸ”Ά medium 4.0 0.0 HCL BigFix Service Management (SM) is susceptible to a Configuration – 'Insecure Use of Base Image Version'. Using ou... 2026-05-20
CVE-2025-31985 ℹ️ low 3.7 0.0 HCL BigFix Service Management (SM) is affected by a security misconfiguration due to a missing or insecure β€œX-Content-... 2026-05-20
CVE-2025-31957 ℹ️ low 2.6 0.0 HHCL BigFix Service Management (SM) is affected by a Cross‑Site Request Forgery (CSRF) vulnerability. This could lead... 2026-05-06
CVE-2025-31959 ℹ️ low 3.5 0.0 HCL BigFix Service Management (SM) application fails to strip EXIF metadata from uploaded images. This could lead to co... 2026-05-06
CVE-2025-31975 ℹ️ low 2.6 0.0 HCL BigFix Service Management (SM) is affected by an Information Disclosure – Server Banner issue was identified. Expo... 2026-05-06
CVE-2025-31978 πŸ”Ά medium 4.6 0.0 HCL BigFix Service Management (SM) does not adequately sanitize or safely render spreadsheet files (CSV, XLS, XLSX) befo... 2026-05-06
These CVEs affect the same products