HCL BigFix IVR Session Management Vulnerability Allowing Prolonged Unauthorized Access

Vulnerability

A vulnerability exists in the Web UI authentication component of HCL BigFix IVR version 4.2, where insufficient session expiration allows an authenticated attacker to maintain unauthorized access to protected API endpoints. This issue arises from excessively long expiration periods for sessions.
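The weakness class named above, insufficient session expiration, is easiest to see in the check that gates a protected endpoint. The following is an added illustration, not code from HCL or from BigFix IVR, and the policy values, session store and timeline in it are constructed assumptions. It contrasts a weak policy (a multi-week lifetime with no idle timeout, so an authenticated session stays usable long after the user walked away) with a hardened one that enforces both an absolute lifetime and a sliding idle window, and it deletes an expired session so the same identifier cannot be presented again.

```python
from __future__ import annotations
from dataclasses import dataclass

# Illustrative policy values (assumptions, not HCL BigFix IVR settings).
HARDENED_POLICY = {"absolute_lifetime_s": 8 * 3600, "idle_timeout_s": 15 * 60}
# A policy of this shape reproduces the weakness class in the advisory:
# the session stays usable for weeks and never times out on inactivity.
WEAK_POLICY = {"absolute_lifetime_s": 30 * 24 * 3600, "idle_timeout_s": None}


@dataclass
class Session:
    session_id: str
    created_at: float   # epoch seconds at authentication
    last_seen: float    # epoch seconds of the most recent authenticated request
    revoked: bool = False


def check_session(session: Session, now: float, policy: dict) -> tuple[bool, str]:
    """Return (is_valid, reason); the reason is intended for audit logging."""
    if session.revoked:
        return False, "revoked"
    if now < session.created_at:
        return False, "clock skew: session created in the future"
    if now - session.created_at > policy["absolute_lifetime_s"]:
        return False, "absolute lifetime exceeded"
    idle = policy["idle_timeout_s"]
    if idle is not None and now - session.last_seen > idle:
        return False, "idle timeout exceeded"
    return True, "ok"


def authorize_request(store: dict, session_id: str, now: float,
                      policy: dict) -> tuple[bool, str]:
    """Gate for a protected endpoint: look the session up, check it, and on
    success refresh last_seen (sliding idle window). An expired session is
    removed from the store so the same id cannot be replayed later."""
    session = store.get(session_id)
    if session is None:
        return False, "unknown session"
    ok, reason = check_session(session, now, policy)
    if not ok:
        del store[session_id]
        return False, reason
    session.last_seen = now
    return True, "ok"


def simulate(policy: dict) -> list[tuple[float, bool, str]]:
    """Constructed timeline: login at t=0, requests at 5 and 10 minutes, then
    silence until the 1 hour mark, then a request every 10 minutes up to 9 hours.
    Returns one (t, allowed, reason) tuple per request."""
    store = {"s1": Session("s1", created_at=0.0, last_seen=0.0)}
    times = [300.0, 600.0, 3600.0] + [3600.0 + 600.0 * i for i in range(1, 49)]
    results = []
    for t in times:
        ok, reason = authorize_request(store, "s1", t, policy)
        results.append((t, ok, reason))
    return results


if __name__ == "__main__":
    for name, policy in (("weak", WEAK_POLICY), ("hardened", HARDENED_POLICY)):
        allowed = sum(1 for _, ok, _ in simulate(policy) if ok)
        print(f"{name}: {allowed} of 51 requests allowed")
```

Under the hardened policy the 50 minute gap trips the idle timeout at the 1 hour request, and every later request is refused as an unknown session; under the weak policy all 51 requests succeed, which is the prolonged access the advisory describes. The absolute lifetime is checked before the idle window so that a client sending periodic requests cannot keep a session alive indefinitely.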

Impact

Exploitation of this vulnerability could lead to unauthorized access to protected API endpoints, allowing attackers to interact with these endpoints as if they were authorized users.

Remediation

Users are advised to upgrade to HCL BigFix IVR version 4.2.1.0 or later. Instructions for upgrading are available in the BigFix Console under the 'Fixlets and Tasks' node.

Added: Jan 7, 2026, 2:36 PM
Updated: Jan 7, 2026, 2:36 PM

Vulnerability Rating

Custom Algorithm

category        score
spread          0.0
impact          5.0
exploitability  3.3
remediation     7.7
relevance       1.9
threat          0.0
urgency         2.9
incentive       1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.