Search criteria
4 vulnerabilities found for BigFix Platform by HCLSoftware
CVE-2026-21767 (GCVE-0-2026-21767)
Vulnerability from nvd – Published: 2026-04-01 23:47 – Updated: 2026-04-02 18:22
VLAI
Title
HCL BigFix Platform is affected by insufficient authentication
Summary
HCL BigFix Platform is affected by insufficient authentication. The application might allow users to access sensitive areas of the application without proper authentication.
Severity
4 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-306 - Missing authentication for critical function
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| HCLSoftware | BigFix Platform |
Affected:
11.0.0 - 11.0.5
|
Date Public
2026-04-01 23:35
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-21767",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-02T18:21:56.731436Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T18:22:19.150Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "BigFix Platform",
"vendor": "HCLSoftware",
"versions": [
{
"status": "affected",
"version": "11.0.0 - 11.0.5"
}
]
}
],
"datePublic": "2026-04-01T23:35:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "HCL BigFix Platform is affected by\u003cstrong\u003e\u0026nbsp;\u003c/strong\u003einsufficient authentication.\u0026nbsp; The application might allow users to access sensitive areas of the application without proper authentication."
}
],
"value": "HCL BigFix Platform is affected by\u00a0insufficient authentication.\u00a0 The application might allow users to access sensitive areas of the application without proper authentication."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing authentication for critical function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T23:47:39.363Z",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0129906"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "HCL BigFix Platform is affected by\u00a0insufficient authentication",
"x_generator": {
"engine": "Vulnogram 1.0.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2026-21767",
"datePublished": "2026-04-01T23:47:39.363Z",
"dateReserved": "2026-01-05T16:07:58.367Z",
"dateUpdated": "2026-04-02T18:22:19.150Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-21765 (GCVE-0-2026-21765)
Vulnerability from nvd – Published: 2026-04-01 23:36 – Updated: 2026-04-02 18:21
VLAI
Title
HCL BigFix Platform is affected by insecure permissions on private cryptographic keys
Summary
HCL BigFix Platform is affected by insecure permissions on private cryptographic keys. The private cryptographic keys located on a Windows host machine might be subject to overly permissive file system permissions.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| HCLSoftware | BigFix Platform |
Affected:
11.0.0 - 11.0.5
|
Date Public
2026-04-01 23:35
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-21765",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-02T18:20:48.284525Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T18:21:14.546Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "BigFix Platform",
"vendor": "HCLSoftware",
"versions": [
{
"status": "affected",
"version": "11.0.0 - 11.0.5"
}
]
}
],
"datePublic": "2026-04-01T23:35:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "HCL BigFix Platform is affected by insecure permissions on private cryptographic keys.\u0026nbsp; The private cryptographic keys located on a Windows host machine might be subject to overly permissive file system permissions."
}
],
"value": "HCL BigFix Platform is affected by insecure permissions on private cryptographic keys.\u00a0 The private cryptographic keys located on a Windows host machine might be subject to overly permissive file system permissions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276 Incorrect default permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T23:36:45.573Z",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0129906"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "HCL BigFix Platform is affected by insecure permissions on private cryptographic keys",
"x_generator": {
"engine": "Vulnogram 1.0.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2026-21765",
"datePublished": "2026-04-01T23:36:45.573Z",
"dateReserved": "2026-01-05T16:07:58.367Z",
"dateUpdated": "2026-04-02T18:21:14.546Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-21767 (GCVE-0-2026-21767)
Vulnerability from cvelistv5 – Published: 2026-04-01 23:47 – Updated: 2026-04-02 18:22
VLAI
Title
HCL BigFix Platform is affected by insufficient authentication
Summary
HCL BigFix Platform is affected by insufficient authentication. The application might allow users to access sensitive areas of the application without proper authentication.
Severity
4 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-306 - Missing authentication for critical function
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| HCLSoftware | BigFix Platform |
Affected:
11.0.0 - 11.0.5
|
Date Public
2026-04-01 23:35
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-21767",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-02T18:21:56.731436Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T18:22:19.150Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "BigFix Platform",
"vendor": "HCLSoftware",
"versions": [
{
"status": "affected",
"version": "11.0.0 - 11.0.5"
}
]
}
],
"datePublic": "2026-04-01T23:35:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "HCL BigFix Platform is affected by\u003cstrong\u003e\u0026nbsp;\u003c/strong\u003einsufficient authentication.\u0026nbsp; The application might allow users to access sensitive areas of the application without proper authentication."
}
],
"value": "HCL BigFix Platform is affected by\u00a0insufficient authentication.\u00a0 The application might allow users to access sensitive areas of the application without proper authentication."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing authentication for critical function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T23:47:39.363Z",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0129906"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "HCL BigFix Platform is affected by\u00a0insufficient authentication",
"x_generator": {
"engine": "Vulnogram 1.0.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2026-21767",
"datePublished": "2026-04-01T23:47:39.363Z",
"dateReserved": "2026-01-05T16:07:58.367Z",
"dateUpdated": "2026-04-02T18:22:19.150Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-21765 (GCVE-0-2026-21765)
Vulnerability from cvelistv5 – Published: 2026-04-01 23:36 – Updated: 2026-04-02 18:21
VLAI
Title
HCL BigFix Platform is affected by insecure permissions on private cryptographic keys
Summary
HCL BigFix Platform is affected by insecure permissions on private cryptographic keys. The private cryptographic keys located on a Windows host machine might be subject to overly permissive file system permissions.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| HCLSoftware | BigFix Platform |
Affected:
11.0.0 - 11.0.5
|
Date Public
2026-04-01 23:35
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-21765",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-02T18:20:48.284525Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T18:21:14.546Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "BigFix Platform",
"vendor": "HCLSoftware",
"versions": [
{
"status": "affected",
"version": "11.0.0 - 11.0.5"
}
]
}
],
"datePublic": "2026-04-01T23:35:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "HCL BigFix Platform is affected by insecure permissions on private cryptographic keys.\u0026nbsp; The private cryptographic keys located on a Windows host machine might be subject to overly permissive file system permissions."
}
],
"value": "HCL BigFix Platform is affected by insecure permissions on private cryptographic keys.\u00a0 The private cryptographic keys located on a Windows host machine might be subject to overly permissive file system permissions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276 Incorrect default permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T23:36:45.573Z",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0129906"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "HCL BigFix Platform is affected by insecure permissions on private cryptographic keys",
"x_generator": {
"engine": "Vulnogram 1.0.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2026-21765",
"datePublished": "2026-04-01T23:36:45.573Z",
"dateReserved": "2026-01-05T16:07:58.367Z",
"dateUpdated": "2026-04-02T18:21:14.546Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}