HCL BigFix Platform Insecure File Permissions Vulnerability on Private Cryptographic Keys

Vulnerability

A vulnerability exists in HCL BigFix Platform versions 11.0.0 through 11.0.5, related to insecure file permissions on private cryptographic keys. On Windows host machines, these keys may be exposed through overly permissive file system permissions, potentially allowing unauthorized access or modification.

Impact

The vulnerability could lead to unauthorized access or modification of private cryptographic keys, which may compromise the integrity and confidentiality of cryptographic operations and data protection within the application.

Remediation

Users can upgrade to BigFix Platform version 11.0.6. Instructions for applying this patch are available in the BigFix Console.
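
To check a Windows host for the condition described above, the following added example (not HCL code or tooling) lists ACL entries that grant broad groups read or write access to key files. The function name, the file extensions and the directory passed to it are assumptions, since this advisory does not name the affected files.

```powershell
# Added example: list "Allow" ACL entries that give broad groups read or
# write access to private key files. The extensions below are assumptions.
function Find-BroadKeyFileAccess {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,
        [string[]] $Include = @('*.pvk', '*.key', '*.pem', '*.pfx')
    )

    # Well-known SIDs rather than names, so the check works on localized Windows.
    $broad = @{
        'S-1-1-0'      = 'Everyone'
        'S-1-5-11'     = 'Authenticated Users'
        'S-1-5-32-545' = 'BUILTIN\Users'
    }
    $sidType = [System.Security.Principal.SecurityIdentifier]
    # Read exposes key material; the other rights allow tampering or ACL takeover.
    $names = 'ReadData, WriteData, AppendData, Delete, ChangePermissions, TakeOwnership'
    $risky = [int][System.Security.AccessControl.FileSystemRights]$names

    Get-ChildItem -LiteralPath $Path -Recurse -File -ErrorAction SilentlyContinue |
        Where-Object { $n = $_.Name; $Include | Where-Object { $n -like $_ } } |
        ForEach-Object {
            $file = $_.FullName
            try   { $acl = Get-Acl -LiteralPath $file -ErrorAction Stop }
            catch { Write-Warning "Cannot read ACL: $file"; return }
            # Explicit and inherited rules, with identities returned as SIDs.
            foreach ($rule in $acl.GetAccessRules($true, $true, $sidType)) {
                $sid = $rule.IdentityReference.Value
                if ($rule.AccessControlType -eq 'Allow' -and $broad.ContainsKey($sid) -and
                    ([int]$rule.FileSystemRights -band $risky)) {
                    [pscustomobject]@{
                        File      = $file
                        Principal = $broad[$sid]
                        Rights    = $rule.FileSystemRights
                        Inherited = $rule.IsInherited
                    }
                }
            }
        }
}

# Usage (the path is a placeholder, not a location taken from the advisory):
# Find-BroadKeyFileAccess -Path '<directory holding the key files>'
```

An empty result means none of the three groups holds those rights on the matched files; entries granted to other non-administrative accounts still need manual review.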

Added: Apr 2, 2026, 12:25 AM
Updated: Apr 2, 2026, 12:25 AM

Vulnerability Rating

Custom Algorithm

spread: 5.0
impact: 2.5
exploitability: 3.4
remediation: 7.7
relevance: 5.1
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.