HCL BigFix SM Cryptographic Weakness Vulnerability Allowing Decryption or Manipulation of Encrypted Communications

Vulnerability

A cryptographic weakness vulnerability has been identified in HCL BigFix Service Management (SM) Version 23. This vulnerability arises from weak or outdated encryption algorithms, which an attacker with network access could exploit to decrypt or manipulate encrypted communications under certain conditions.

Impact

Exploitation of this vulnerability could lead to unauthorized decryption or manipulation of encrypted communications, potentially allowing an attacker to intercept or alter data being transmitted.

Remediation

Users can upgrade to HCL BigFix SM version 26.0 to address this vulnerability.

Added: Aug 28, 2025, 5:25 PM
Updated: Aug 28, 2025, 5:25 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 1.3
exploitability: 6.4
remediation: 7.7
relevance: 0.4
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.