CVE-2025-31977

MEDIUM

Hcltech Bigfix Service Management - Missing Encryption

Title source: rule

Description

HCL BigFix SM is affected by cryptographic weakness due to weak or outdated encryption algorithms. An attacker with network access could exploit this weakness to decrypt or manipulate encrypted communications under certain conditions.

References (1)

[Vendor Advisory] https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0123631

Scores

CVSS v3 5.3

EPSS 0.0001

EPSS Percentile 2.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-311

Status published

Products (1)

hcltech/bigfix_service_management 23.0

Published Aug 28, 2025

Tracked Since Feb 18, 2026