HCL BigFix Service Management File Upload Validation Bypass Vulnerability

Vulnerability

A file upload validation bypass vulnerability exists in HCL BigFix Service Management (SM) Version 23. The application does not properly enforce file type restrictions during the upload process, allowing attackers to bypass validation mechanisms and upload malicious or unauthorized files, such as scripts, executables, or web shells.

Impact

Exploiting this vulnerability could allow malicious files to be uploaded and executed on the server, potentially leading to remote code execution or other malicious activities.

Remediation

Users can upgrade to HCL BigFix SM version 26.0 to address this vulnerability.

Added: Aug 28, 2025, 5:25 PM
Updated: Aug 28, 2025, 5:25 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 5.0
exploitability: 5.2
remediation: 7.7
relevance: 0.4
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.