HCL BigFix Query Sensitive Information Disclosure Vulnerability

Vulnerability

A sensitive information disclosure vulnerability has been identified in the WebUI Query application of HCL BigFix Query, affecting all versions prior to 4.11.0. This vulnerability arises from an HTTP GET endpoint that returns responses disclosing group names and active user names or IDs. An attacker could exploit this information to target individuals with phishing or other social-engineering attacks.

Impact

Exploitation of this vulnerability could lead to unauthorized disclosure of sensitive information, allowing attackers to conduct targeted phishing or social-engineering attacks.

Remediation

Users can upgrade to HCL BigFix WebUI Query version 4.11.0 to address this vulnerability. After upgrading, gathering of the WebUI Query site will automatically apply the new content.

Added: Nov 5, 2025, 3:24 PM
Updated: Nov 5, 2025, 3:24 PM

Vulnerability Rating

Custom Algorithm

Category        Score
spread          2.6
impact          2.5
exploitability  4.9
remediation     7.7
relevance       0.9
threat          0.0
urgency         2.9
incentive       1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.