A cryptographic weakness has been identified in the HCL BigFix...

5.3 / 10

MEDIUM

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Description

HCL BigFix SM is affected by cryptographic weakness due to weak or outdated encryption algorithms. An attacker with network access could exploit this weakness to decrypt or manipulate encrypted communications under certain conditions.

Basic Information

ID CVE-2025-31977

Source HCL

Published Aug 28, 2025 at 17:00

Modified Aug 28, 2025 at 17:14

Affected Product

Vendor HCL Software

Product BigFix Service Management (SM)

Version 23

Affected Versions HCL Software BigFix Service Management (SM) 23

CWE Classification

CWE-311

References

support.hcl-software.com /csm

{
    "lastseen": "",
    "description": "HCL BigFix SM is affected by cryptographic weakness due to weak or outdated encryption algorithms.\u00a0 An attacker with network access could exploit this weakness to decrypt or manipulate encrypted communications under certain conditions.",
    "published": "2025-08-28T17:00:13.558Z",
    "modified": "2025-08-28T17:14:21.168Z",
    "type": "cve",
    "title": "A cryptographic weakness has been identified in the HCL BigFix Service Management (SM)",
    "source": "HCL",
    "references": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0123631",
    "id": "CVE-2025-31977",
    "bulletinFamily": "",
    "cwe": [
        "CWE-311"
    ],
    "cvelist": null,
    "sourceData": "HCL Software BigFix Service Management (SM) 23",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "BigFix Service Management (SM)",
    "version": "23",
    "vendor": "HCL Software",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

A cryptographic weakness has been identified in the HCL BigFix Service Management (SM)_CVE-2025-31977