HCL BigFix SCM Reporting jQuery Vulnerability Allowing Client-Side Attacks

Vulnerability

A vulnerability exists in HCL BigFix SCM Reporting version 11.0.5 due to the use of an outdated jQuery 1.x library, which is no longer supported and has reached end-of-life. This obsolescence leaves the application exposed to known security vulnerabilities, potentially increasing the risk of client-side attacks, such as Cross-Site Scripting (XSS), or exploitation through vulnerable third-party components.

Impact

The outdated jQuery library could lead to client-side security vulnerabilities, including Cross-Site Scripting (XSS) attacks or manipulation through compromised third-party components.

Remediation

To address this vulnerability, users should update the SCM Reporting site to version 168. In the BigFix Console, select the SCM Reporting node under the Sites node and click 'Gather' to update the Current Version.

Added: May 13, 2026, 9:34 PM
Updated: May 13, 2026, 9:34 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 1.7
exploitability: 6.4
remediation: 0.0
relevance: 8.2
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.