HCL BigFix Service Management Discovery Unenforced Encryption Vulnerability

Vulnerability

An unenforced-encryption vulnerability has been identified in HCL BigFix Service Management (SM) Discovery, version 23. Port 80 (HTTP) is open, so the service can be reached without encryption. An attacker with access to the network traffic can intercept packets and potentially uncover sensitive data.

Impact

Exploitation of this vulnerability could lead to unauthorized interception of unencrypted data transmitted over the network.

Remediation

Users are advised to upgrade to HCL BigFix Service Management Version 27.
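
To confirm whether a Discovery host still answers over plaintext HTTP on port 80, before or after upgrading, the check below can be run against hosts you administer. It is an added example, not code from HCL or from the original advisory; the result labels and function names are assumptions made for illustration.

```python
import http.client
import socket
import sys
from urllib.parse import urlsplit


def classify_response(status, location):
    """Classify one answer received over plaintext HTTP."""
    if 300 <= status < 400 and location:
        # Only an absolute https:// target moves the client onto TLS.
        if urlsplit(location).scheme == "https":
            return "redirects-to-https"
        return "plaintext-redirect"
    # Any other status (content or error page) was served unencrypted.
    return "serves-plaintext"


def probe_plaintext_http(host, port=80, timeout=5.0):
    """Send one GET / over plaintext HTTP and classify the outcome."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", "/")
        resp = conn.getresponse()
        return classify_response(resp.status, resp.getheader("Location"))
    except (ConnectionRefusedError, socket.timeout):
        # Nothing accepted the connection: port closed or dropped by a filter.
        return "closed-or-filtered"
    except (ConnectionResetError, http.client.HTTPException):
        # Something is listening but did not answer with valid HTTP.
        return "open-not-http"
    finally:
        conn.close()


if __name__ == "__main__":
    # Host names are taken from the command line; none are built in.
    for host in sys.argv[1:]:
        print(host, probe_plaintext_http(host))
```

A "redirects-to-https" result still means the first request crossed the network in cleartext; only "closed-or-filtered" shows that port 80 is no longer reachable from where the check was run.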

Added: Apr 21, 2026, 4:15 PM
Updated: Apr 21, 2026, 4:15 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 6.0
remediation: 0.0
relevance: 6.4
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.