HCL BigFix Service Management Privilege Escalation Vulnerability

Vulnerability

A Broken Access Control vulnerability has been identified in HCL BigFix Service Management (SX) Version 23, allowing unauthorized users to escalate privileges and bypass access restrictions. This vulnerability could lead to the exposure of sensitive data or unauthorized modifications to the system.

Impact

Exploitation of this vulnerability could result in unauthorized privilege escalation, allowing users to gain elevated rights and access restricted functionalities within the application.

Remediation

HCL has developed a new microservice to implement Role-Based Access Control (RBAC) throughout the product, addressing the broken access control vulnerability. This fix will be available in version 27.

Added: May 6, 2026, 8:57 PM
Updated: May 6, 2026, 8:57 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 5.0
exploitability: 5.2
remediation: 0.0
relevance: 7.6
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.