HCL BigFix Remote Control Server WebUI is affected by a...

4 / 10

MEDIUM

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:N

Description

A misconfigured Content Security Policy (CSP) in HCL BigFix Remote Control Server WebUI (versions 10.1.0.0442 and earlier) fails to define directives without fallbacks, allowing attackers to bypass intended security restrictions and load unauthorized resources.

Basic Information

ID CVE-2026-21785

Source HCL

Published May 27, 2026 at 20:15

Affected Product

Vendor HCLSoftware

Product BigFix Remote Control Server

Version <= versions 10.1.0.0442

Affected Versions HCLSoftware BigFix Remote Control Server <= versions 10.1.0.0442

CWE Classification

CWE-1021

References

support.hcl-software.com /csm

{
    "lastseen": "",
    "description": "A misconfigured Content Security Policy (CSP) in HCL BigFix Remote Control Server WebUI (versions 10.1.0.0442 and earlier) fails to define directives without fallbacks, allowing attackers to bypass intended security restrictions and load unauthorized resources.",
    "published": "2026-05-27T20:15:56.441Z",
    "modified": "2026-05-27T20:15:56.441Z",
    "type": "cve",
    "title": "HCL BigFix Remote Control Server WebUI is affected by a misconfigured Content Security Policy",
    "source": "HCL",
    "references": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0130581",
    "id": "CVE-2026-21785",
    "bulletinFamily": "",
    "cwe": [
        "CWE-1021"
    ],
    "cvelist": null,
    "sourceData": "HCLSoftware BigFix Remote Control Server <= versions 10.1.0.0442",
    "sourceHref": "",
    "cvss": {
        "score": 4,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "BigFix Remote Control Server",
    "version": "<= versions 10.1.0.0442",
    "vendor": "HCLSoftware",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

HCL BigFix Remote Control Server WebUI is affected by a misconfigured Content Security Policy_CVE-2026-21785