HCL BigFix WebUI is affected by a missing authorization vulnerability

5.3 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Description

A missing authorization vulnerability in HCL BigFix WebUI allows an authenticated user without proper permissions to view sensitive environmental information via direct URL access to the unauthorized page.

Basic Information

ID CVE-2025-15634

Source HCL

Published May 9, 2026 at 05:05

Affected Product

Vendor HCLSoftware

Product BigFix WebUI

Version all versions

Affected Versions HCLSoftware BigFix WebUI all versions

CWE Classification

CWE-862

References

support.hcl-software.com /csm

{
    "lastseen": "",
    "description": "A missing authorization vulnerability in HCL BigFix WebUI allows an authenticated user without proper permissions to view sensitive environmental information via direct URL access to the unauthorized page.",
    "published": "2026-05-09T05:05:33.534Z",
    "modified": "2026-05-09T05:05:33.534Z",
    "type": "cve",
    "title": "HCL BigFix WebUI is affected by a missing authorization vulnerability",
    "source": "HCL",
    "references": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0130587",
    "id": "CVE-2025-15634",
    "bulletinFamily": "",
    "cwe": [
        "CWE-862"
    ],
    "cvelist": null,
    "sourceData": "HCLSoftware BigFix WebUI all versions",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "BigFix WebUI",
    "version": "all versions",
    "vendor": "HCLSoftware",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

HCL BigFix WebUI is affected by a missing authorization vulnerability_CVE-2025-15634