HCL BigFix Service Management (SM) Discovery is vulnerable to unenforced...

5.3 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Description

HCL BigFix Service Management (SM) Discovery is vulnerable to unenforced encryption due to port 80 (HTTP) being open, allowing unencrypted access. An attacker with access to the network traffic can sniff packets from the connection and uncover the data.

Basic Information

ID CVE-2025-31981

Source HCL

Published Apr 21, 2026 at 14:26

Modified Apr 21, 2026 at 14:28

Affected Product

Vendor HCLSoftware

Product BigFix Service Management (SM)

Version 23

Affected Versions HCLSoftware BigFix Service Management (SM) 23

CWE Classification

CWE-319

References

support.hcl-software.com /csm

{
    "lastseen": "",
    "description": "HCL BigFix Service Management (SM) Discovery is vulnerable to unenforced encryption due to port 80 (HTTP) being open, allowing unencrypted access.\u00a0 An attacker with access to the network traffic can sniff packets from the connection and uncover the data.",
    "published": "2026-04-21T14:26:39.400Z",
    "modified": "2026-04-21T14:28:24.452Z",
    "type": "cve",
    "title": "HCL BigFix Service Management (SM) Discovery is vulnerable to unenforced encryption",
    "source": "HCL",
    "references": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0127605",
    "id": "CVE-2025-31981",
    "bulletinFamily": "",
    "cwe": [
        "CWE-319"
    ],
    "cvelist": null,
    "sourceData": "HCLSoftware BigFix Service Management (SM) 23",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "BigFix Service Management (SM)",
    "version": "23",
    "vendor": "HCLSoftware",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

HCL BigFix Service Management (SM) Discovery is vulnerable to unenforced encryption_CVE-2025-31981