HCL BigFix Service Management (SM) had directories that were not...

3.7 / 10

LOW

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:L

Description

HCL BigFix Service Management (SM) had directories that were not linked or publicly visible but could be accessed directly. This could allow an increased risk of information disclosure or misuse of sensitive functionality.

Basic Information

ID CVE-2025-31982

Source HCL

Published May 6, 2026 at 13:46

Affected Product

Vendor HCL Software

Product BigFix Service Management (SM)

Version 23

Affected Versions HCL Software BigFix Service Management (SM) 23

CWE Classification

CWE-200

References

support.hcl-software.com /csm

{
    "lastseen": "",
    "description": "HCL BigFix Service Management (SM) had directories that were not linked or publicly visible but could be accessed directly. This could allow an increased risk of information disclosure or misuse of sensitive functionality.",
    "published": "2026-05-06T13:46:05.065Z",
    "modified": "2026-05-06T13:46:05.065Z",
    "type": "cve",
    "title": "HCL BigFix Service Management (SM) had directories that were not linked or publicly visible but could be accessed directl",
    "source": "HCL",
    "references": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0128144",
    "id": "CVE-2025-31982",
    "bulletinFamily": "",
    "cwe": [
        "CWE-200"
    ],
    "cvelist": null,
    "sourceData": "HCL Software BigFix Service Management (SM) 23",
    "sourceHref": "",
    "cvss": {
        "score": 3.7,
        "severity": "LOW",
        "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:L",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "BigFix Service Management (SM)",
    "version": "23",
    "vendor": "HCL Software",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

HCL BigFix Service Management (SM) had directories that were not linked or publicly visible but could be accessed directl_CVE-2025-31982