HCL BigFix SaaS Authentication Service Cache Poisoning Vulnerability

Vulnerability

A cache poisoning vulnerability has been identified in the HCL BigFix SaaS Authentication Service. The issue arises because HTTP responses from BigFix SaaS include the value of the Origin header. When this header is reflected without proper validation, it creates an opportunity for cache poisoning attacks.

Impact

Exploitation of this vulnerability can lead to cache poisoning, where maliciously crafted responses are stored and potentially served to users, causing them to receive incorrect or harmful data.
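A generic model of the failure mode described above, added here as an illustration and not taken from HCL's code or bulletin: a shared cache keyed only on the path serves one client's reflected Origin to the next client, while an allowlist combined with Vary: Origin prevents it. The hosts, path, allowlist, Cache-Control value, and the choice of Access-Control-Allow-Origin as the reflecting response header are assumptions.

```python
# Added illustration: in-memory model of a shared cache in front of a handler
# that reflects Origin. All names, hosts and paths are constructed.
ALLOWED_ORIGINS = {"https://app.example.test"}  # assumed allowlist

def reflecting_handler(headers):
    """Behaviour described in the advisory: Origin is echoed back unvalidated."""
    resp = {"Cache-Control": "public, max-age=300"}
    if "Origin" in headers:
        resp["Access-Control-Allow-Origin"] = headers["Origin"]
    return resp

def validating_handler(headers):
    """Hardened: echo only allowlisted origins and tell caches to key on Origin."""
    resp = {"Cache-Control": "public, max-age=300", "Vary": "Origin"}
    origin = headers.get("Origin")
    if origin in ALLOWED_ORIGINS:
        resp["Access-Control-Allow-Origin"] = origin
    return resp

class SharedCache:
    """Minimal cache: key is the path plus any request headers named in Vary."""
    def __init__(self, handler):
        self.handler, self.store, self.vary = handler, {}, {}

    def get(self, path, headers):
        names = self.vary.get(path, ())
        key = (path,) + tuple(headers.get(n) for n in names)
        if key not in self.store:
            resp = self.handler(headers)
            names = tuple(n.strip() for n in resp.get("Vary", "").split(",") if n.strip())
            self.vary[path] = names
            key = (path,) + tuple(headers.get(n) for n in names)
            self.store[key] = resp
        return self.store[key]

def served_acao(handler, first_origin, second_origin, path="/auth/config"):
    """Return the Access-Control-Allow-Origin value the second client receives."""
    cache = SharedCache(handler)
    cache.get(path, {"Origin": first_origin})
    return cache.get(path, {"Origin": second_origin}).get("Access-Control-Allow-Origin")
```

With the reflecting handler the second client receives the first client's origin from the cache; with the validating handler each origin gets its own cache entry and only allowlisted values are echoed.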

Remediation

Users can upgrade to the latest versions of HCL BigFix SaaS Remediate Front End Applications and Back End Services to address this vulnerability. Specific version details can be found in the HCL BigFix SaaS Remediate Security Bulletin.

Added: Aug 15, 2025, 11:17 PM
Updated: Aug 15, 2025, 11:17 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 0.8
exploitability: 7.4
remediation: 0.0
relevance: 0.3
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.