CVE-2025-31981

MEDIUM

HCL BigFix Service Management (SM) Discovery is vulnerable to unenforced encryption

Title source: cna

Description

HCL BigFix Service Management (SM) Discovery is vulnerable to unenforced encryption due to port 80 (HTTP) being open, allowing unencrypted access. An attacker with access to the network traffic can sniff packets from the connection and uncover the data.

References (1)

https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0127605

Scores

CVSS v3 5.3

EPSS 0.0001

EPSS Percentile 1.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-319

Status published

Products (2)

HCLSoftware/BigFix Service Management (SM) 23

hcltech/bigfix_service_management 23.0

Published Apr 21, 2026

Tracked Since Apr 21, 2026