HCL BigFix IVR Improper Authentication and Missing CSRF Protection Vulnerability

Vulnerability

A vulnerability exists in HCL BigFix IVR version 4.2 due to improper authentication and missing Cross-Site Request Forgery (CSRF) protection in the local setup interface component. Because the interface neither authenticates administrative requests nor ties them to a per-session CSRF token, a local attacker can submit unauthenticated administrative requests and make unauthorized configuration changes.
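The two weaknesses named above are easiest to see side by side. The following is an added illustration, not code from HCL or from BigFix IVR: a minimal configuration-change handler in its unprotected form next to a hardened form that requires an authenticated session, a same-origin request and a valid per-session CSRF token. The endpoint path, listener address, setting names and in-memory session store are assumptions made for the example; the product's real interface is not described on this page.

```python
"""Added example (not HCL's code): unprotected vs. hardened setup handler."""
import hmac
import secrets
from dataclasses import dataclass, field


@dataclass
class Request:
    """Constructed stand-in for an HTTP request; no real server is involved."""
    method: str
    path: str
    headers: dict
    cookies: dict
    form: dict


@dataclass
class Session:
    user: str
    # One unguessable token per session; the genuine form must echo it back.
    csrf_token: str = field(default_factory=lambda: secrets.token_urlsafe(32))


SESSIONS = {}                                   # session id -> Session
SETUP_PATH = "/setup/config"                    # hypothetical endpoint
SELF_ORIGIN = "http://127.0.0.1:8080"           # hypothetical listener origin
ALLOWED_KEYS = {"relay_url", "poll_interval"}   # hypothetical settings


def login(user: str) -> str:
    """Create a session and return the value that would go in the cookie."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = Session(user)
    return sid


def vulnerable_set_config(config: dict, req: Request) -> int:
    """Unprotected handler: any POST reaching the listener is applied.
    No session check, no CSRF token, no Origin check."""
    if req.method != "POST" or req.path != SETUP_PATH:
        return 404
    config.update(req.form)
    return 200


def hardened_set_config(config: dict, req: Request) -> int:
    """Hardened handler: authenticated session, same-origin request,
    valid per-session CSRF token and an allow-list of settings."""
    if req.method != "POST" or req.path != SETUP_PATH:
        return 404
    session = SESSIONS.get(req.cookies.get("sid", ""))
    if session is None:
        return 401                      # closes the improper-authentication hole
    # Browsers attach Origin to cross-site POSTs; a missing or foreign
    # origin means the request was not issued by one of our own pages.
    if req.headers.get("Origin") != SELF_ORIGIN:
        return 403
    supplied = req.form.get("csrf_token", "")
    if not hmac.compare_digest(supplied, session.csrf_token):
        return 403                      # closes the missing-CSRF hole
    config.update({k: v for k, v in req.form.items() if k in ALLOWED_KEYS})
    return 200


def demo() -> dict:
    """Run three cases (constructed requests) against both handlers."""
    results = {}
    evil_form = {"relay_url": "http://evil.example/relay"}
    # Case 1: unauthenticated POST from any local process or browser page.
    anon = Request("POST", SETUP_PATH, {"Origin": "http://evil.example"}, {}, evil_form)
    cfg = {"relay_url": "https://relay.corp.example"}
    results["anon_vulnerable"] = vulnerable_set_config(cfg, anon)
    results["anon_vulnerable_cfg"] = cfg["relay_url"]
    cfg = {"relay_url": "https://relay.corp.example"}
    results["anon_hardened"] = hardened_set_config(cfg, anon)
    results["anon_hardened_cfg"] = cfg["relay_url"]
    # Case 2: logged-in admin lured to a page that auto-submits a form;
    # the browser attaches the session cookie, but not our token or origin.
    sid = login("admin")
    forged = Request("POST", SETUP_PATH, {"Origin": "http://evil.example"},
                     {"sid": sid}, evil_form)
    results["forged_hardened"] = hardened_set_config(cfg, forged)
    # Case 3: the genuine setup page: same origin, token echoed back.
    genuine = Request("POST", SETUP_PATH, {"Origin": SELF_ORIGIN}, {"sid": sid},
                      {"relay_url": "https://relay2.corp.example",
                       "csrf_token": SESSIONS[sid].csrf_token})
    results["genuine_hardened"] = hardened_set_config(cfg, genuine)
    results["genuine_cfg"] = cfg["relay_url"]
    return results


if __name__ == "__main__":
    print(demo())
```

Binding a setup interface to the loopback address does not by itself prevent this class of attack: a request from another local process, or from a page open in the same user's browser, still reaches the listener, so the handler itself has to check who is asking and where the request came from. Setting the session cookie with `SameSite=Lax` or `Strict` is a worthwhile extra layer, because the browser then omits the cookie on cross-site POSTs, but it does not replace the token and origin checks shown above.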

Impact

Successful exploitation allows an attacker to make unauthorized configuration changes on the affected system.

Remediation

Users are advised to upgrade to HCL BigFix IVR version 4.2.1.0 or later. Upgrade instructions are available in the BigFix Console under the 'Fixlets and Tasks' node.

Added: Jan 7, 2026, 2:36 PM
Updated: Jan 7, 2026, 2:36 PM

Vulnerability Rating

Custom Algorithm

spread          0.0
impact          2.5
exploitability  4.7
remediation     7.7
relevance       1.8
threat          0.0
urgency         2.9
incentive       1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.