HCL BigFix Service Management Information Exposure Vulnerability in Reporting Module
Vulnerability
An information exposure vulnerability has been identified in HCL BigFix Service Management (SM) version 23. The issue arises from improper error handling in the reporting module: supplying an invalid or out-of-range value to the consumer_company parameter during a report-viewing request triggers an unhandled exception. This flaw could be exploited to access sensitive information.
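The failure mode described above, as an added illustration in Python (not HCL's code and not part of the original advisory): a report handler that lets a bad consumer_company value surface as exception text, beside a version that validates the value and returns a generic error. The handler names, the REPORTS data and the response format are assumptions; only the parameter name comes from the advisory.

```python
import logging
import uuid

log = logging.getLogger("reports")

# Constructed sample data: hypothetical company IDs and report titles.
REPORTS = {1: "Q1 incident summary", 2: "Q1 change summary"}


def view_report_leaky(params):
    """'Before': any bad consumer_company value raises, and the
    exception text is returned to the client."""
    try:
        return 200, REPORTS[int(params["consumer_company"])]
    except Exception as exc:  # simulates a framework's debug error page
        return 500, f"{type(exc).__name__}: {exc}"


def view_report_hardened(params):
    """'After': validate type and range first; on any failure return a
    generic body and keep the detail in the server log only."""
    raw = params.get("consumer_company", "")
    try:
        if not (isinstance(raw, str) and raw.isascii() and raw.isdigit()):
            return 400, "Invalid request."
        company_id = int(raw)
        if company_id not in REPORTS:
            # Same answer for unknown and out-of-range IDs.
            return 404, "Report not found."
        return 200, REPORTS[company_id]
    except Exception:
        # Catch-all: the client sees only an opaque reference.
        ref = uuid.uuid4().hex
        log.exception("report view failed ref=%s", ref)
        return 500, f"Internal error. Reference: {ref}"
```

The reference returned by the catch-all lets support staff find the full traceback in the server log without exposing it in the response.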
Impact
Exploitation of this vulnerability could lead to unauthorized information disclosure by causing the application to reveal details through unhandled exceptions.
Remediation
Users can upgrade to HCL BigFix Service Management (SM) version 27 to address this vulnerability.
