HCL BigFix Service Management Spreadsheet File Handling Vulnerability Allowing Information Exfiltration
Vulnerability
A vulnerability exists in HCL BigFix Service Management (SM) version 23, where the application fails to properly sanitize or securely render spreadsheet files (CSV, XLS, XLSX) before processing or distribution. This oversight could enable an attacker to manipulate data fields in a way that, when the file is opened in spreadsheet software like Excel, could lead to information exfiltration or other malicious activities. Although current versions of Excel provide warnings about untrusted content, this vulnerability could still be exploited.
Impact
Exploitation of this vulnerability could result in unauthorized information exfiltration or execution of malicious activities through manipulated spreadsheet files.
Remediation
Users can upgrade to HCL BigFix Service Management (SM) version 27 to address this vulnerability.
